Announcing BlueHat 2024: Call for Papers now open 

Congratulations to the MSRC 2024 Most Valuable Security Researchers! 

Microsoft Bounty Program Year in Review: $16.6M in Rewards 

Introducing the MSRC Researcher Resource Center

Congratulations to the Top MSRC 2024 Q2 Security Researchers!

Summary Summary Google informed Microsoft under Coordinated Vulnerability Disclosure (CVD) of a padding oracle vulnerability that may affect customers using Azure Storage SDK (for Python, .NET, Java) client-side encryption (CVE-2022-30187). To mitigate this vulnerability, we released a new General Availability (GA) version of the Azure Storage SDK client-side encryption feature (v2) on July 12, 2022.

Headline

Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability

msrc-blog: Latest News