Microsoft Security Response Center
@msrc.microsoft.com
We are the Microsoft Security Response Center. To report security vulnerabilities or abuse in Microsoft products, visit http://microsoft.com/en-us/msrc.
We’re excited to highlight Brad Schlintz's incredible journey in security research! From transitioning out of a traditional 9‑to‑5 to becoming a world‑class vulnerability researcher, Brad has carved out a life defined by curiosity, freedom, and impact. Learn more: www.microsoft.com/en-us/msrc/b...
December 16, 2025 at 8:03 PM
As shared by Tom Gallagher, VP of Engineering, MSRC, we’re expanding our bug bounty program to include Microsoft online services in scope by default. Researchers will now be rewarded for vulnerabilities impacting these services, even when the root cause lies in open-source or third-party components.
December 14, 2025 at 8:49 PM
Thank you to everyone who joined us for the MSRC Researcher Celebration at Black Hat Europe. It was wonderful to spend an evening with so many members of the security research community sharing conversations, ideas, and a lot of fun.

#BHEU
December 12, 2025 at 11:31 AM
As announced by Tom Gallagher, VP of Engineering, MSRC, on stage at Black Hat EU, we’re evolving our bug bounty program. Now, high-severity vulnerabilities that directly impact Microsoft online services are eligible for bounty awards, whether the code is Microsoft-owned, third-party, or open source.
December 11, 2025 at 12:46 PM
Good morning, Black Hat Europe! The MSRC team is here and ready to meet you. Spot someone in an MSRC shirt? Come say hi!

#BHEU #MSFTBlackHat
December 10, 2025 at 9:51 AM
Security updates for December 2025 are now available. Details are here: msft.it/6018SZEg0

#PatchTuesday #SecurityUpdateGuide
December 9, 2025 at 6:02 PM
Tom Gallagher, VP Engineering, MSRC, will be on stage at Black Hat Europe on Thursday, December 11, at 12:15 PM GMT. In his talk, he'll share how decades of lessons have shaped Microsoft’s vulnerability management and response.
December 9, 2025 at 1:54 PM
Join the Microsoft Security Response Center in London for our Researcher Celebration on Wednesday, December 10, from 4:30 – 9:00 PM.

You don’t have to be attending Black Hat Europe to participate. This event is open to all security researchers!

Apply now: microsoft.eventsair.com/msrcbh25/reg...
November 26, 2025 at 4:56 PM
We're proud to highlight the outstanding work of Cato and the partnership with Microsoft that made this research possible. Together, we've strengthened security for everyone, showing how collaboration leads to real-world impact.
🚨 Meet “HashJack” – a new AI browser assistant exploit discovered by Cato CTRL.

Hidden prompts after the “#” in URLs can hijack top industry trusted AI browser assistants to conduct malicious activities (see use cases below👇)

Read more: www.catonetworks.com/blog/cato-ct...
November 25, 2025 at 4:21 PM
Part 2 of our 3-part XSS series is live! Discover how XSS can be weaponized when chained with other vulnerabilities, turning a simple flaw into a gateway for serious exploits like token theft and remote code execution: msft.it/6015trH8L
November 18, 2025 at 9:44 PM
Security updates for November 2025 are now available! Details are here: msft.it/6018SZEg0

#PatchTuesday #SecurityUpdateGuide
November 11, 2025 at 6:09 PM
During his BlueHat Asia opening remarks, Tom Gallagher, VP of Engineering, MSRC, discussed how Asia is home to some of the world’s top security researchers, and we’re proud to recognize those who contribute to Microsoft products and services. We have over 40 past and present MVRs in attendance.
November 5, 2025 at 5:09 AM
We hosted a pre-BlueHat Asia welcome reception this evening, giving our speakers, MSRC MVRs, and Microsoft team members a great opportunity to connect. A huge thank you to our presenters and MVRs for their role in making #BlueHatAsia a success!
November 4, 2025 at 5:03 PM
At the Microsoft Security Response Center (MSRC), your feedback drives our innovation. Based on your input, we’ve introduced three new features designed to make your experience more efficient, transparent, and user-friendly.

Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
October 31, 2025 at 2:16 PM
Ever wondered how Windows decides if a file path is local, intranet, or Internet, and why it matters for security? MSRC security researchers dive deep into MapUrlToZone (MUTZ).

Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
October 30, 2025 at 5:06 PM
MSRC websites and services are experiencing downstream impact related to the ongoing Azure outage. Additional updates can be found on the Azure status page: azure.status.microsoft/en-us/status
October 29, 2025 at 6:31 PM
Microsoft has addressed CVE-2025-55315, a vulnerability related to HTTP request handling. This update strengthens security and helps reduce risks such as privilege escalation or SSRF.

Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
October 28, 2025 at 9:19 PM
Microsoft is expanding transparency in vulnerability management. We are now publishing VEX (Vulnerability Exploitability eXchange) attestations for third-party CVEs associated with the Azure Linux Distribution (formerly CBL-Mariner).

Learn why VEX matters in our blog post: msft.it/6014shEmn
October 22, 2025 at 11:12 PM
Congratulations to all the researchers recognized in this quarter’s MSRC 2025 Q3 Security Researcher Leaderboard! Thanks to all the researchers who partnered with us for your hard work and continued dedication to securing our customers.

Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
October 16, 2025 at 6:48 PM
Security updates for October 2025 are now available! Details are here: msft.it/6018SZEg0

#PatchTuesday #SecurityUpdateGuide
October 14, 2025 at 6:35 PM