Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Time to Build Accountability Back into Cybersecurity

Chris Hass, director of information security and research at Automox, discusses how to assign security responsibility, punishment for poor cyber-hygiene and IDing 'security champions' to help small businesses.

Threatpost
#Hacks#Malware#Web Security#google#Cloud Security#Privacy#Vulnerabilities#Web Security#Government#Malware#Mobile Security#Vulnerabilities#Web Security#microsoft#Vulnerabilities#Web Security#vulnerability#Critical Infrastructure#Government#Malware#Web Security#Hacks#Malware#Web Security#Cloud Security#InfoSec Insider#Web Security#Government#Malware#Malware#Web Security#Breach#Cloud Security#InfoSec Insider#Malware#Vulnerabilities#Web Security
Resource Based Constrained Delegation

Microsoft in an attempt to provide more flexibility to domain users enabled owner of resources to configure which accounts are trusted and allowed to delegate… Continue reading → Resource Based Constrained Delegation

Resource Based Constrained Delegation

Microsoft in an attempt to provide more flexibility to domain users enabled owner of resources to configure which accounts are trusted and allowed to delegate… Continue reading → Resource Based Constrained Delegation

New High Impact Scenarios and Awards for the Azure Bounty Program

Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research community, and an important part of Microsoft’s holistic approach to defending against security threats.

CVE-2021-42299: Microsoft Surface Pro 3 Security Feature Bypass Vulnerability

*Which Surface devices are affected by this vulnerability?* The Surface Pro 3. *Are any other devices vulnerable?* Microsoft has confirmed that the Surface Pro 3 is vulnerable. However, it is possible that other devices, including non-Microsoft devices, using a similar BIOS may also be vulnerable. The Surface Pro 4, Surface Book, and more recent Surface devices are not vulnerable. *What can an attacker do with this vulnerability?* Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. Windows uses these PCR measurements to determine device health. A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. *How do I protect myself?* This technique requires physical access to a target victim’s device, or an attacker would already have had to compromise a legitimate user's credentials. We encourage custom...

New High Impact Scenarios and Awards for the Azure Bounty Program

Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research community, and an important part of Microsoft’s holistic approach to defending against security threats.

Congratulations to the Top MSRC 2021 Q3 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s MSRC Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q3 Security Researcher Leaderboard are: BugHunter010 (840

Patch now! Microsoft fixes 71 Windows vulnerabilities in October Patch Tuesday

October 2021's Patch Tuesday includes some patches to block potentially dangerous vulnerabilities. We made a selection of the most "promising" ones. Categories: Exploits and vulnerabilities Tags: microsoft patch tuesday patches vulnerabilities *( Read more... ( https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/10/patch-now-microsoft-fixes-71-windows-vulnerabilities-in-october-patch-tuesday/ ) )* The post Patch now! Microsoft fixes 71 Windows vulnerabilities in October Patch Tuesday appeared first on Malwarebytes Labs.

Power Platform is Here! Introducing the Dynamics 365 and Power Platform Bug Bounty Program

Microsoft is excited to announce the addition of Power Platform to the newly rebranded Dynamics 365 and Power Platform Bounty Program. Through this expanded program, we encourage researchers to discover and report high impact security vulnerabilities they may find in the new Power Platform scope to help protect customers. We offer awards up to $20,000 USD for eligible submissions.

CVE-2021-40471: Security Update Guide - Microsoft Security Response Center

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40473, CVE-2021-40474, CVE-2021-40479, CVE-2021-40485.