Allgemeine Sicherheitsinformationen von Microsoft

Results of Major Technical Investigations for Storm-0558 Key Acquisition
on 6. September 2023 at 7:00

On July 11, 2023, Microsoft published a blog post which details how the China-Based threat actor, Storm-0558, used an acquired Microsoft account (MSA) consumer key to forge tokens to access OWA and Outlook.com. Upon identifying that the threat actor had acquired the consumer key, Microsoft performed a comprehensive technical investigation into the acquisition of the Microsoft account consumer signing key, including how it was used to access enterprise email.

  • Azure Serial Console Attack and Defense - Part 1
    on 10. August 2023 at 7:00

    Ever had a virtual machine crash? Azure Serial console is a great way to directly connect to your Virtual machine and debug what went wrong. Azure Serial Console is a feature that’s available for free for everyone. While the primary intent of this feature is to assist users debug their machine, there are several interesting ways to abuse the features and compromise sensitive information.

  • Congratulations to the MSRC 2023 Most Valuable Security Researchers!
    on 8. August 2023 at 7:00

    The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s top 100 Most Valuable Researchers (MVRs) based on the total number of points earned for each valid report.

  • Updating our Vulnerability Severity Classification for AI Systems
    on 8. August 2023 at 7:00

    The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. To this end, we are announcing the Microsoft Vulnerability Severity Classification for AI Systems, an update to Microsoft’s existing vulnerability severity classification (i.

  • Microsoft Bug Bounty Program Year in Review: $13.8M in Rewards
    on 7. August 2023 at 7:00

    We are thrilled to share the results of our collaboration with over 345 security researchers from +45 countries around the world in the past 12 months. Together, we have discovered and fixed more than a thousand potential security issues before they impacted our customers. In recognition of this valuable collaboration, we have awarded $13.

  • Microsoft mitigates Power Platform Custom Code information disclosure vulnerability
    on 4. August 2023 at 7:00

    Summary Summary On 30 March 2023, Tenable informed Microsoft under Coordinated Vulnerability Disclosure (CVD) of a security issue concerning Power Platform Custom Connectors using Custom Code. This feature allows customers to write code for custom connectors. This issue has been fully addressed for all customers and no customer remediation action is required.

  • BlueHat October 2023 Call for Papers is Now Open!
    on 27. Juli 2023 at 7:00

    As you may have seen on social media, the next BlueHat conference will be October 11 – 12, 2023, on Microsoft’s Redmond campus in Washington state, USA. The Call for Papers (CFP) is now open through August 18, 2023. The BlueHat community is a unique blend of security researchers and responders from both inside and outside of Microsoft, who come together as peers to exchange ideas, experiences, and learnings in the interest of creating a safer and more secure world for all.

  • Updated Researcher Portal Submission Form: Discover the New Fields in the Submission Form
    on 20. Juli 2023 at 7:00

    Summary: We are excited to announce the release of the updated Researcher Portal submission form. These new fields allow Security Researchers to provide additional context for the reported security issue, providing product teams with more data for analysis, gain insights and identify trends across multiple reported security vulnerabilities. The additional fields are not mandatory fields to submit a report.

  • From Bounty Leaderboards to Microsoft Security Researcher, Meet Cameron Vincent!
    on 17. Juli 2023 at 7:00

    Fun Facts: Game you binged: Guitar Hero and Rock Band fanatic. Go to snack: Nutri-Grain Bars. Favorite Drink: Soda – Coca Cola specifically. Favorite Place: Singapore – stayed an extra week after a hacking collaboration and truly fell in love and hopes to get back as soon as possible. Favorite Movie/Genre: Parasite – Korean Cinema, had been watching Koren Cinema before it became a thing.

  • What to Expect When Reporting Vulnerabilities to Microsoft
    on 14. Juli 2023 at 9:00

    At the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One of the ways we do this is by working with security researchers to discover security vulnerabilities in our services and products, and then making sure those that pose a threat to customers get fixed.

  • Congratulations to the Top MSRC 2023 Q2 Security Researchers!
    on 14. Juli 2023 at 7:00

    Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q2 Security Researcher Leaderboard are: Yuki Chen, HAO LI, wkai! Check out the full list of researchers recognized this quarter here.

  • Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email
    on 11. Juli 2023 at 7:00

    UPDATE: Microsoft performed a comprehensive technical investigation into the acquisition of the Microsoft account consumer signing key, including how it was used to access enterprise email. Our technical investigation has concluded, and on September 6, 2023, we published our investigation findings. Microsoft has released threat analysis on Storm-0558 activity here. Microsoft additionally released additional defense-in-depth security fixes to help customers improve token validation in their custom applications.

  • Breaking Barriers: Aditi’s Journey Through Sight Loss to Microsoft AI Innovator
    on 28. Juni 2023 at 7:00

    Facts about Aditi Shah: Tools she uses: Aditi’s main tool is JAWS, a screen reader from Freedom Scientific, which she touts as the best in the market. This tool has made her digital life more manageable, enabling her to perform almost any task independently. Aditi also uses Seeing AI, a Microsoft app that she uses for important life tasks, like reading her mail, providing descriptions of different products, identifying colors for her outfits, and more.

  • Potential Risk of Privilege Escalation in Azure AD Applications
    on 20. Juni 2023 at 7:00

    Summary Summary Microsoft has developed mitigations for an insecure anti-pattern used in Azure AD (AAD) applications highlighted by Descope, and reported to Microsoft, where use of the email claim from access tokens for authorization can lead to an escalation of privilege. An attacker can falsify the email claim in tokens issued to applications.

  • Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks
    on 16. Juni 2023 at 7:00

    Summary Summary Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359. These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools.

  • Microsoft mitigates set of cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry
    on 14. Juni 2023 at 7:00

    Summary Summary Microsoft recently mitigated a set of cross-site scripting vulnerabilities affecting Azure Bastion and Azure Container Registry (ACR). Exploitation of these vulnerabilities could have potentially allowed for an unauthorized user to gain access to a target user’s session within the compromised Azure service, and subsequently lead to data tampering or resource modification.

  • Hey Yara, find some vulnerabilities
    on 8. Juni 2023 at 7:00

    Intro Intro Finding vulnerabilities in software is no easy task by itself. Doing this at cloud scale is very challenging to perform manually, and we use tools to help us identify patterns or vulnerability signatures. Yara is one of those tools. Yara is a very popular tool with Blue teams, malware researchers, and for good reason.

  • Announcing The BlueHat Podcast: Listen and Subscribe Now!
    on 17. Mai 2023 at 7:00

    Available today on all major podcast platforms is The BlueHat Podcast, a new series of security research focused conversations, continuing the themes from the BlueHat 2023 conference (session recordings available to watch here). Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers: to debate, discuss, share, challenge, celebrate and learn.

  • Guidance related to Secure Boot Manager changes associated with CVE-2023-24932
    on 9. Mai 2023 at 7:00

    Summary Summary Today, Microsoft is releasing CVE-2023-24932, and associated configuration guidance, to address a Secure Boot bypass vulnerability used by the BlackLotus bootkit to exploit CVE-2022-21894. Customers will need to closely follow the configuration guidance to fully protect against this vulnerability. This vulnerability allows an attacker to execute self-signed code at the Unified Extensible Firmware Interface (UEFI) level while Secure Boot is enabled.

  • Microsoft Vulnerability Severity Classification for Online Services Publication
    on 18. April 2023 at 7:00

    The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. We have published a new Microsoft Vulnerability Severity Classification for Online Services to provide additional information about our approach to online services and web applications.

  • Congratulations to the Top MSRC 2023 Q1 Security Researchers!
    on 13. April 2023 at 7:00

    Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q1 Security Researcher Leaderboard are: Kai Lu (@K3vinLuSec), Yuki Chen, and wh1tc & Edwardzpeng! Check out the full list of researchers recognized this quarter here.

  • Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access
    on 11. April 2023 at 7:00

    Summary Summary Azure provides developers and security operations staff a wide array of configurable security options to meet organizational needs. Throughout the software development lifecycle, it is important for customers to understand the shared responsibility model, as well as be familiar with various security best practices. This is particularly important in deploying Azure Functions and in provisioning Azure Role Based Access Control as customers are responsible for configuring and managing applications, identity, and data.

  • Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD
    on 29. März 2023 at 7:00

    Summary Summary Microsoft has addressed an authorization misconfiguration for multi-tenant applications that use Azure AD, initially discovered by Wiz, and reported to Microsoft, that impacted a small number of our internal applications. The misconfiguration allowed external parties read and write access to the impacted applications. Microsoft immediately corrected the misconfiguration and added additional authorization checks to address the issue and confirmed that no unintended access had occurred.

  • Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
    on 14. März 2023 at 13:00

    May 9, 2023 update: Releases for Microsoft Products has been updated with the release of CVE-2023-29324 - Security Update Guide - Microsoft - Windows MSHTML Platform Security Feature Bypass Vulnerability March 24, 2023 update: Impact Assessment has been updated to a link to Guidance for investigating attacks using CVE-2023-23397 - Microsoft Security Blog.

  • Azure Kubernetes Service (AKS) Threat Hunting
    on 1. März 2023 at 8:00

    As more businesses shift away from running workloads on dedicated virtual machines to running them inside containers using workload orchestrators like Kubernetes, adversaries have become more interested in them as targets. Moreover, the benefits Kubernetes provides for managing workloads are also extended to adversaries. As adversaries leverage Kubernetes to run their workloads, their understanding of how these platforms work and can be exploited increases.

  • Configuring host-level audit logging for AKS VMSS
    on 1. März 2023 at 8:00

    This blog post runs you through how to enable and configure Linux audit logging on your Azure Kubernetes Service (AKS) Virtual Machine Scale Set (VMSS) using the Linux auditing subsystem, also known as auditd. Warning The information provided below is accurate as of the release date of this blog post (2023-03) and guidance may change in future.

  • First steps in CHERIoT Security Research
    on 28. Februar 2023 at 8:00

    At Microsoft, we invest a lot of time researching and investigating possibilities in our journey to memory safety. Because the massive majority of existing codebases are written in unsafe programming languages, the task of protecting legacy code is very important. Hardware solutions are an attractive approach because they introduce very powerful security properties with low overheads compared to purely software solutions.

  • New MSRC Blog Site
    on 8. Februar 2023 at 8:00

    We are excited to announce the release of the new Microsoft Security Response Center (MSRC) blog site. Please visit msrc.microsoft.com/blog/ starting February 9th, 2023, for all past and future MSRC blog content. In addition to the new URL, we have refreshed the site with a new look and improved site performance, search, categories, and tags to help users easily find content.

  • BlueHat 2023: Connecting the security research community with Microsoft
    on 6. Februar 2023 at 8:00

    We’re excited to welcome more than 400 members of the security research community from around the world to Redmond, Washington for BlueHat 2023. Hosted by the Microsoft Security Response Center (MSRC), BlueHat is where the security research community, and Microsoft security professionals, come together as peers to connect, share, learn, and exchange ideas in the interest of creating a safer and more secure world for all.

  • Microsoft Investigation - Threat actor consent phishing campaign abusing the verified publisher process
    on 31. Januar 2023 at 8:00

    Summary Summary On December 15th, 2022, Microsoft became aware of a consent phishing campaign involving threat actors fraudulently impersonating legitimate companies when enrolling in the Microsoft Cloud Partner Program (MCPP) (formerly known as Microsoft Partner Network (MPN)). The actor used fraudulent partner accounts to add a verified publisher to OAuth app registrations they created in Azure AD.

  • Congratulations to the Top MSRC 2022 Q4 Security Researchers!
    on 26. Januar 2023 at 8:00

    Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q4 Security Researcher Leaderboard are: goodbyeselene, Jarvis_1oop, and kap0k! Check out the full list of researchers recognized this quarter here.

  • Microsoft resolves four SSRF vulnerabilities in Azure cloud services
    on 17. Januar 2023 at 8:00

    Summary Summary Microsoft recently fixed a set of Server-Side Request Forgery (SSRF) vulnerabilities in four Azure services (Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins) reported by Orca Security. These SSRF vulnerabilities were determined to be low risk as they do not allow access to sensitive information or Azure backend services.

  • Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
    on 6. Januar 2023 at 8:00

    Microsoft is pleased to announce that beginning January 11, 2023, we will publish CBL-Mariner CVEs in the Security Update Guide (SUG) Common Vulnerability Reporting Framework (CVRF) API. CBL-Mariner is a Linux distribution built by Microsoft to power Azure’s cloud and edge products and services and is currently in preview as an AKS Container Host.

  • Security Update Guide Improvement – Representing Hotpatch Updates
    on 29. Dezember 2022 at 8:00

    Today we are updating the way Microsoft Security Update Guide (SUG) represents the Windows Hotpatch feature to make it easier for users to identify the hotpatch and security updates. Hotpatching was introduced a year ago as a new way to install updates on supported Windows Server Azure Edition virtual machines (VMs) without requiring a reboot after installation.

  • BlueHat 2023: Applications to Attend NOW OPEN!
    on 2. Dezember 2022 at 8:00

    We are excited to announce that applications to attend BlueHat 2023 are now open We are excited to announce that applications to attend BlueHat 2023 are now open BlueHat 2023 will be the 20th version of the BlueHat conference and will once again be on the Microsoft campus in Redmond, WA, USA, from February 8 – 9, 2023.

  • A Ride on the Wild Side with Hacking Heavyweight Sick Codes
    on 29. November 2022 at 8:00

    Beverage of Choice: Krating Daeng (Thai Red Bull) Industry Influencer he Admires: Casey John Ellis What did you want to be when you grew up? A physician and nearly did Hobbies (Present & Past): Motorcycling & Australian Football Bucket List: Continuing to discover new software Fun Fact: He currently has 2,000 tabs open

  • Announcing the Microsoft Machine Learning Membership Inference Competition (MICO)
    on 16. November 2022 at 8:00

    We’re excited to announce the launch of a new competition focusing on the security and privacy of machine learning (ML) systems. Machine learning has already become a key enabler in many products and services, and this trend is likely to continue. It is therefore critical to understand the security and privacy guarantees provided by state-of-the-art ML algorithms – indeed this is one of Microsoft’s Responsible AI Principles.

  • Awareness and guidance related to OpenSSL 3.0 - 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602)
    on 2. November 2022 at 7:00

    Summary Summary Microsoft is aware and actively addressing the impact associated with the recent OpenSSL vulnerabilities announced on October 25th 2022, fixed in version 3.0.7. As part of our standard processes, we are rolling out fixes for impacted services. Any customer action that is required will be highlighted in this blog and our associated Security Update Guides (CVE-2022-3786 Security Update Guide and CVE-2022-3602 Security Update Guide).

  • Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB
    on 1. November 2022 at 7:00

    Summary Summary Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB (currently in preview) reported by Orca Security. Customers not using Jupyter Notebooks (99.8% of Azure Cosmos DB customers do NOT use Jupyter notebooks) were not susceptible to this vulnerability. The bug was introduced on August 12th and fully patched worldwide on Oct 6th, two days after it was reported.

  • Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People
    on 31. Oktober 2022 at 7:00

    As Cybersecurity Awareness Month 2022 comes to a close, I’m grateful for the impact it has had in bringing cybersecurity to the forefront since it began in 2004. Though the month may be over, our work in cybersecurity is never done. Often, we think about cybersecurity as a complex technology problem, but at its core, it’s really about people: the customers and communities we work to protect and defend, the current and future cybersecurity professionals on the front lines of the fight, and the larger security community coming together to strengthen cybersecurity for all.

  • Congratulations to the Top MSRC 2022 Q3 Security Researchers!
    on 24. Oktober 2022 at 7:00

    Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q3 Security Researcher Leaderboard are: Zhiyi Zhang , Yuki Chen , and Dang The Tuyen! Check out the full list of researchers recognized this quarter here.

  • Investigation Regarding Misconfigured Microsoft Storage Location
    on 19. Oktober 2022 at 7:00

    October 28, 2022 update: Added a Customer FAQ section. Summary Summary Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint. This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services.

  • Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk
    on 19. Oktober 2022 at 7:00

    Summary Summary Microsoft was recently made aware of a Cross-Site Scripting (XSS) vulnerability (CVE-2022-35829), that under limited circumstances, affects older versions of Service Fabric Explorer (SFX). The current default SFX web client (SFXv2) is not vulnerable to this attack. However, customers can manually switch from the default web client (SFXv2) to an older vulnerable SFX web client version (SFXv1).

  • BlueHat 2023 Call for Papers is Now Open!
    on 13. Oktober 2022 at 7:00

    For nearly 20 years, BlueHat has been where the security research community, and Microsoft security professionals come together as peers, to share, debate, challenge, learn, and exchange ideas in the interest of creating a safer and more secure world for all. We are extremely excited to announce that BlueHat is back in-person and the 2023 Call for Papers (CFP) is now open through December 8!

  • Hunting for Cobalt Strike: Mining and plotting for fun and profit
    on 13. Oktober 2022 at 7:00

    Introduction Introduction Cobalt Strike is a commercial Command and Control framework built by Helpsystems. You can find out more about Cobalt Strike on the MITRE ATT&CK page. But it can also be used by real adversaries. In this post we describe how to use RiskIQ and other Microsoft technologies to see if you have Cobalt Strike payloads (also called “beacons”) in your network.

  • Improvements in Security Update Notifications Delivery - And a New Delivery Method
    on 12. Oktober 2022 at 7:00

    At MSRC, we are passionate about ensuring our customers have a positive experience when they use the Microsoft Security Update Guide (SUG). A big part of improving that experience is ensuring that customers have timely and easily accessible notifications. As such we have two important announcements to share about changes to the way we provide notifications.

  • Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server
    on 30. September 2022 at 7:00

    November 8, 2022 update - Microsoft released security updates for CVE-2022-41040 and CVE-2022-41082. We recommend that customers protect their organizations by applying the updates immediately to affected systems. The options described in the Mitigations section are no longer recommended. For more information, review the Exchange Team blog. Summary Summary On November 8 Microsoft released security updates for two zero-day vulnerabilities affecting Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019.

  • Defense-in-Depth Updates for Azure Identity libraries and Azure Key Vault libraries within Azure SDK plus Best Practice Implementation Guidance
    on 20. September 2022 at 7:00

    Summary Summary Today, Microsoft released new versions of the Azure Key Vault libraries and Azure Identity libraries as part of the Azure Software Development Kit (SDK) that includes defense-in-depth feature improvements. We also published best practice guidance to help protect applications and services that allow externally controlled input into the Azure Key Vault client URI for processing.

  • Curious, Innovative, Creative, Community Driven: Meet Cyb3rWard0g, Roberto Rodriquez
    on 7. September 2022 at 7:00

    When I grow up I want to be? Dancer or a veterinarian Happiest memories: Tearing up the dance floor at weddings and playing soccer in the streets of Lima, Peru Previous Job roles : Mopped floors for McDonalds, packed boxes at an Avon warehouse, Manager at Olive Garden, Beer taster/server and then dove into tech and security

  • What’s the smallest variety of CHERI?
    on 6. September 2022 at 7:00

    The Portmeirion project is a collaboration between Microsoft Research Cambridge, Microsoft Security Response Center, and Azure Silicon Engineering & Solutions. Over the past year, we have been exploring how to scale the key ideas from CHERI down to tiny cores on the scale of the cheapest microcontrollers. These cores are very different from the desktop and server-class processors that have been the focus of the Morello project.