Announcing BlueHat 2024: Call for Papers now open 

Congratulations to the MSRC 2024 Most Valuable Security Researchers! 

Microsoft Bounty Program Year in Review: $16.6M in Rewards 

Introducing the MSRC Researcher Resource Center

Congratulations to the Top MSRC 2024 Q2 Security Researchers!

Summary Summary Microsoft used the Spring Framework RCE, Early Announcement to inform analysis of the remote code execution vulnerability, CVE-2022-22965, disclosed on 31 Mar 2022. We have not to date noted any impact to the security of our enterprise services and have not experienced any degraded service availability due to this vulnerability.

Headline

Microsoft’s Response to CVE-2022-22965 Spring Framework

msrc-blog: Latest News