Microsoft Support & Discussions

Today, a group of eight researchers from across the security industry released a research report on SHA-1 that demonstrates for the first time, a “hash collision” for the full SHA-1 hash algorithm (called “SHAttered”). This is a significant step toward understanding this type of security issue, a milestone in cryptanalysis that has been underway for the past decade. Continue reading...

Today, we released an Adobe Flash Player security update to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about these updates can be found on the Security Update Guide. MSRC team Continue reading...

UPDATE: 2/15/17: We will deliver updates as part of the planned March Update Tuesday, March 14, 2017. Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today. Continue reading...

EMET 5.52 is the latest version of the Enhanced Mitigation Experience Toolkit (EMET) and is now available for download. EMET 5.52 is a minor update from EMET 5.51 to address the following: An issue with the EAF mitigation that causes some applications to hang on Windows 7 SP1. A fix to the MSI installer to allow in-place upgrade behavior. Continue reading...

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC team Continue reading...

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC team Continue reading...

Microsoft is committed to delivering comprehensive security updates to our customers. Information about the security updates we release are currently made available on the Microsoft Security Bulletin website. However, our customers have asked for better access to update information, as well as easier ways to customize their view to serve a diverse set of needs. Continue reading...

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC team Continue reading...

EMET – Then and Now EMET – Then and Now Microsoft’s Trustworthy Computing initiative was 7 years old in 2009 when we first released the Enhanced Mitigation Experience Toolkit (EMET). Despite substantial improvements in Windows OS security during that same period, it was clear that the way we shipped Windows at the time (3-4 years between major releases) was simply too slow to respond quickly to emerging threats. Continue reading...

Microsoft is excited to announce David Kennedy, CEO of TrustedSec and Binary Defense Systems, as the BlueHat v16 keynote speaker. David is a well-known speaker from the community, a published author, and the founder of the DerbyCon Security Conference. His keynote, entitled “The Security Monty Python and the Holy Grail”, will open the general conference this Thursday. Continue reading...

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC team Continue reading...

Microsoft is thrilled to announce BlueHat IL 2017. This will mark the first time BlueHat is held in Tel Aviv and it will take place on January 24-25, 2017. Given its location, Israel further serves as a harness which draws in researchers from across Europe, Asia and the Middle East. Continue reading...

Security is a critical component in all our products at Microsoft. An emphasis on strong security starts at the beginning of all our work, including threat modelling as part of the design process and the consideration of Apple’s own security recommendations for our products on Apple’s platforms. As an example of this approach, I’d like to share some of the work we’re doing to help secure Mac Office 2016. Continue reading...

On August 4, 2016 we launched a bounty program that targets Remote Code Execution (RCE) vulnerabilities in Microsoft Edge on the Windows Insider Preview Slow (WIP slow). Today, we will be making additions to this bounty program. Since security is a continuous effort and not a destination, we prioritize acquiring different types of vulnerabilities in different points of time. Continue reading...

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC Team Continue reading...

It’s our pleasure to announce another exciting expansion of the Microsoft Bounty Programs. Today, we will be adding .NET Core and ASP.NET Core to our suite of ongoing bounty programs. We are offering a bounty on the Windows and Linux versions of .NET Core and ASP.NET Core starting on September 1, 2016. Continue reading...

Over the summer we had overwhelming response to our BlueHat v16 call for papers. We would like to give a special thanks to all who submitted papers for consideration. The range of content and quality of content was exceptional. So with that, today we are happy to announce our schedule for the general audience portion of the conference. Continue reading...

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC team Continue reading...

I’m very happy to announce another addition to the Microsoft Bounty Programs. Microsoft will be hosting a bounty for Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview builds. This bounty continues our partnership with the security research community in working to secure our platforms, in pre-release stages of the development process. Continue reading...

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC team Continue reading...

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC team Continue reading...

Today I have another exciting expansion of the Microsoft Bounty Program. Please visit Microsoft Bounty Programs | MSRC to find out more. As we approach release for .NET Core and ASP.NET, we would like to get even more feedback from the security research community. We are offering a bounty on the .NET Core and ASP. Continue reading...

Microsoft is pleased to announce our sixteenth BlueHat Security Conference set for November 3-4, 2016 at the Microsoft Conference Center here in Redmond. BlueHat is a unique opportunity for Microsoft engineers and the security community to come together learn about the current threat landscape and challenge the thinking and we actions we do in security. Continue reading...

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC team Continue reading...

Updates have historically been published on both the Microsoft Download Center and the Microsoft Update Catalog and Security Bulletins linked directly to update packages on the Microsoft Download Center. Some updates will no longer be available from the Microsoft Download Center. Security bulletins will continue to link directly to the updates, but will point to the packages on the Microsoft Update Catalog for updates not available on the Microsoft Download Center. Continue reading...