2025-12-13
As announced by Tom Gallagher (@secbughunter), VP of Engineering, MSRC, on stage at Black Hat Europe, we're evolving our bug bounty program. Now, high-severity vulnerabilities that directly impact Microsoft online services are eligible for bounty awards, whether the code is [image]
SiliconANGLE
Microsoft expands its bug bounty program so that any critical vulnerability, including in third-party code, impacting its online services is eligible for awards
Duncan Riley / SiliconANGLE :
2025-07-23
Microsoft has released security updates for all supported on-premises SharePoint Server versions. Cloud-hosted SharePoint is not affected. We strongly urge customers to apply these updates immediately to protect against active exploitation. Our latest blog also shares insights
BleepingComputer
Microsoft says it “has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon exploiting” the SharePoint zero-day vulnerabilities
He said not as vulnerable as on-prem SharePoint right now. — #nerdromancewithpits @wylienewmark : back in the day, attribution of widespread exploitation of a vulnerability in a ...
Microsoft has released security updates for all supported on-premises SharePoint Server versions. Cloud-hosted SharePoint is not affected. We strongly urge customers to apply these updates immediately to protect against active exploitation. Our latest blog also shares insights
Bloomberg
Source: the US National Nuclear Security Administration was among those breached by a hack of SharePoint; no sensitive information is known to be compromised
The US agency responsible for maintaining and designing the nation's cache of nuclear weapons was among those breached by a hack …
2025-07-21
Update on CVE-2025-53770: Microsoft has released a security update for SharePoint Subscription Edition to mitigate active attacks targeting on-premises servers. SharePoint Online is not affected. Customers should apply the update immediately. We are actively working on updates
Bloomberg
Microsoft releases a patch for a SharePoint 0-day RCE flaw exploited globally on thousands of on-prem servers and says SharePoint 2016 updates are in the works
Microsoft Corp. warned that hackers are actively targeting customers of its document management software SharePoint …
Microsoft is aware of active attacks targeting on-premises SharePoint Server customers, exploiting a variant of CVE-2025-49706. This vulnerability has been assigned CVE-2025-53770. We have outlined mitigations and detections in our blog. Our team is working urgently to release a security update and will share more details as they become available. Read the full guidance in our blog:
Bloomberg
Microsoft releases a patch for a SharePoint 0-day RCE flaw exploited globally on thousands of on-prem servers and says SharePoint 2016 updates are in the works
Microsoft Corp. warned that hackers are actively targeting customers of its document management software SharePoint …
2024-11-19
As part of our Secure Future Initiative and to further the security of our customers, ourselves, and the world, today we are introducing the most transparent security research event in history: The Zero Day Quest. This new hacking event will be the largest of its kind, with an [image]
The Verge
Microsoft announces Zero Day Quest, a Black Hat-like hacking event at its Redmond HQ in 2025 that it says will be the largest of its kind, and opens submissions
Tom Warren / The Verge :
As part of our Secure Future Initiative and to further the security of our customers, ourselves, and the world, today we are introducing the most transparent security research event in history: The Zero Day Quest. This new hacking event will be the largest of its kind, with an [image]
The Verge
Microsoft unveils the $349 Windows 365 Link, a mini PC for its Windows 365 cloud service running a “super hardened version of Windows”, shipping in April 2025
Microsoft is planning to launch a new purpose-built miniature PC for its Windows 365 cloud service next year.
2022-04-19
New high impact scenario awards in the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program, with awards up to $26,000 USD! For more information, check out our blog post: https://msrc-blog.microsoft.com/ ... #bugbounty
The Register
Microsoft says it will pay up to $26K more, an increase of 30% in some cases, in bug bounties for “high-impact” bugs in its Office 365 products
Jessica Lyons Hardcastle / The Register :
2021-08-11
See the latest MSRC blog about Point and Print Changes https://msrc-blog.microsoft.com/ ...
The Record
Microsoft will now require admin rights before Windows users can access the Point and Print feature, to mitigate a security flaw it has already tried to patch
See the latest MSRC blog about Point and Print Changes https://msrc-blog.microsoft.com/ ...
BleepingComputer
Microsoft fixes 44 vulnerabilities, including seven flaws that are classified as critical and three zero-day flaws, with one actively exploited in the wild
Today is Microsoft's August 2021 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 44 flaws …
2021-07-10
Microsoft Bug Bounty Programs awarded $13.6M to 341 security researchers in the last 12 months. Thank you to everyone for your continued work to help secure millions of customers. https://msrc-blog.microsoft.com/ ...
The Record
Microsoft says its bug bounty program paid $13.6M to 341 security researchers in the past 12 months, down slightly from the $13.7M it paid a year ago
2021-07-09
Microsoft Bug Bounty Programs awarded $13.6M to 341 security researchers in the last 12 months. Thank you to everyone for your continued work to help secure millions of customers. https://msrc-blog.microsoft.com/ ...
The Record
Microsoft says its bug bounty program paid $13.6M to 341 security researchers in the past 12 months, down slightly from the $13.7M it paid a year ago
Microsoft said it awarded more than $13.6 million as monetary rewards to security researchers through its public bug bounty programs over the past 12 months.
2020-07-15
July 2020 Security Update includes a fix for a wormable RCE vulnerability in Windows DNS Server affecting all versions of Windows server running the DNS Server role. This should be patched quickly. For more information, see: https://msrc-blog.microsoft.com/ ...
CyberScoop
Microsoft issues a patch for a critical “wormable” flaw affecting OSes including Windows 10 and Server; Check Point says the flaw has been in code for 17 years
Shannon Vavra / CyberScoop :
2020-02-01
We're excited to announce the Xbox Bounty Program, which awards up to $20,000 for vulnerabilities in the Xbox network space. Find out more information: https://msrc-blog.microsoft.com/ ...
ZDNet
Microsoft launches Xbox bug bounty program, will pay rewards up to $20K for vulnerabilities found in the Xbox Live network and services
The Xbox Bounty Program invites gamers … Ethan Gach / Kotaku : Microsoft's Bug Bounty Program Will Pay Players To Find Security Flaws In Xbox Live Anthony Spadafora / TechRadar.com...
2020-01-31
We're excited to announce the Xbox Bounty Program, which awards up to $20,000 for vulnerabilities in the Xbox network space. Find out more information: https://msrc-blog.microsoft.com/ ...
ZDNet
Microsoft launches Xbox bug bounty program, will pay rewards up to $20K for vulnerabilities found in the Xbox Live network and services
Microsoft Security Response Center (MSRC) to start accepting vulnerabilities in Xbox gaming platform. — Microsoft announced today the launch …
2019-08-14
August 2019 Security Update includes fixes for wormable RCE vulnerabilities in Remote Desktop Services (RDS), affecting all in-support versions of Windows. These should be patched quickly. For more information, see https://msrc-blog.microsoft.com/ ...
Krebs on Security
Microsoft patches four wormable BlueKeep-like bugs in Remote Desktop Service, two of which can be exploited remotely without authentication or user interaction
Most Microsoft Windows (ab)users probably welcome the monthly ritual of applying security updates about as much as they look forward …