Taking your feedback on the Security Update Guide
Fri, 21 Apr 2017 17:37:17 -0600
The Security Update Guide has been in public preview since November 2016. This month marked our first release when security update information was published entirely in the new format. Over the last few months, customers and partners have provided a lot of feedback on the direction and implementation of the Security Update Guide. As we...
Bountycraft at Nullcon 2017
Thu, 20 Apr 2017 21:59:24 -0600
Security is a critical component of our products at Microsoft. A strong emphasis on security is a persistent factor throughout our entire development process. Microsoft is committed to designing and developing secure software. Testing is performed both internally and by working closely with the broader security community. This is done through a wide range of...
Protecting customers and evaluating risk
Sat, 15 Apr 2017 05:59:23 -0600
Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched. Below is our update on the investigation. When a potential vulnerability is reported to...
April 2017 security update release
Tue, 11 Apr 2017 17:10:15 -0600
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team
Announcing the new Bug Bounty Program for Office Insider Builds on Windows
Wed, 15 Mar 2017 17:00:13 -0600
We’ve engineered Office to be secure by design and continually invest in enhancing its security capabilities. In the spirit of maintaining a high security bar in Office, we’re launching the Bug Bounty Program for Office Insider Builds on Windows. The Office Bug Bounty Program complements our continuous internal engineering investments that include designing secure features...
March 2017 security update release
Tue, 14 Mar 2017 17:09:23 -0600
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Security bulletins were also published this month to give customers extra time to ensure they are...
Office 365 security researchers: Double your bounties March-May 2017
Wed, 01 Mar 2017 17:00:50 -0700
Microsoft strives to protect our customers and we’re constantly improving our security posture to meet their needs. We realize the desire of researchers and customers to security test our services to ensure they can trust us and our solutions. We also believe that if a researcher informs us of a security flaw in our Office...
SHA-1 Collisions Research
Thu, 23 Feb 2017 20:21:08 -0700
Today, a group of eight researchers from across the security industry released a research report on SHA-1 that demonstrates for the first time, a “hash collision” for the full SHA-1 hash algorithm (called “SHAttered”). This is a significant step toward understanding this type of security issue, a milestone in cryptanalysis that has been underway for...
Adobe Flash Player security vulnerability release
Tue, 21 Feb 2017 22:02:12 -0700
Today, we released an Adobe Flash Player security update to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about these updates can be found on the Security Update Guide. MSRC team
February 2017 security update release
Tue, 14 Feb 2017 16:00:24 -0700
UPDATE: 2/15/17: We will deliver updates as part of the planned March Update Tuesday, March 14, 2017. Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for...