ms-msrc

Furthering our commitment to security updates Microsoft is committed to delivering comprehensive security updates to our customers. Information about the security updates we release are currently made available on the Microsoft Security Bulletin website. However, our customers have asked for better access to update information, as well as easier ways to customize their view to serve a diverse set of needs. This month we released a preview of our new single destination for security vulnerability information, the Security Updates Guide. Instead of publishing bulletins to describe related vulnerabilities, the new portal lets our customers view and search security vulnerability information in a single online database. Using the new portal you can: Sort and filter security vulnerability and update content, for example, by CVE, KB number, product, or release date. Filter out products that don’t apply to you, and drill down [ more… ]

October 2016 security update release Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC team Source: October 2016 security update release

Update to the Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Program terms On August 4, 2016 we launched a bounty program that targets Remote Code Execution (RCE) vulnerabilities in Microsoft Edge on the Windows Insider Preview Slow (WIP slow). Today, we will be making additions to this bounty program. Since security is a continuous effort and not a destination, we prioritize acquiring different types of vulnerabilities in different points of time. Currently, we are focusing on vulnerabilities that lead to violation of W3C standards that compromise privacy and integrity of important user data, and RCEs. This program now includes: Same Origin Policy bypass vulnerabilities (example: UXSS) Referer Spoofing vulnerabilities Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview Vulnerabilities in open source sections of Chakra The bounty will run August 4, 2016 through May 15, [ more… ]

September 2016 security update release Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Library. MSRC Team Source: September 2016 security update release

Announcing a Microsoft .NET Core and ASP.NET Core Bug Bounty It’s our pleasure to announce another exciting expansion of the Microsoft Bounty Programs. Today, we will be adding .NET Core and ASP.NET Core to our suite of ongoing bounty programs. We are offering a bounty on the Windows and Linux versions of .NET Core and ASP.NET Core starting on September 1, 2016. The program highlights are: Microsoft will pay a bounty for critical and important vulnerabilities on the latest RTM version, or supported Beta or RC releases of latest versions of Microsoft .NET Core, ASP.NET Core It includes vulnerabilities in the default ASP.NET Core templates provided with the ASP.NET Web Tools Extension for Visual Studio 2015 or later Also included is Kestrel, Microsoft’s new web server The supported platforms are Windows and Linux versions of .NET Core and ASP.NET Core The [ more… ]