Toward greater transparency: Unveiling Cloud Service CVEs 

Mitigating SSRF Vulnerabilities Impacting Azure Machine Learning

Improved Guidance for Azure Network Service Tags

Congratulations to the Top MSRC 2024 Q1 Security Researchers! 

Toward greater transparency:  Adopting the CWE standard for Microsoft CVEs

Summary Summary Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for new technology LAN manager (NTLM) credential theft. Microsoft has released CVE-2023-23397 to address the critical elevation of privilege (EoP) vulnerability affecting Microsoft Outlook for Windows. We strongly recommend all customers update Microsoft Outlook for Windows to remain secure.

Headline

Microsoft Mitigates Outlook Elevation of Privilege Vulnerability

msrc-blog: Latest News