Potential Risk of Privilege Escalation in Azure AD Applications

Summary: Microsoft has developed mitigations for an insecure anti-pattern used in Azure AD (AAD) applications, highlighted by Descope and reported to Microsoft, in which using the email claim from access tokens for authorization can lead to an escalation of privilege. An attacker can falsify the email claim in tokens issued to applications.

msrc-blog