Microsoft Security Response Center
Coverage of Microsoft Security Response Center in the Nexus archive.
- Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures
Ammar Askar, a bug hunter, leaked a vulnerability in Microsoft's Visual Studio Code after becoming disillusioned with the company's handling of security reports. The exploit allows attackers to steal OAuth tokens via malicious extensions, compromising GitHub repos, and was disclosed publicly due to past negative experiences with Microsoft Security Response Center (MSRC).
- Microsoft is threatening legal action for disclosing exploits
Microsoft is facing criticism for threatening legal action against an individual who disclosed zero-day exploits. Nightmare Eclipse, a user, posted proof-of-concept exploit code, prompting Microsoft to disable their GitHub, GitLab, and Microsoft Security Response Center accounts. Cybersecurity researcher Kevin Beaumont highlighted Microsoft's response as a point of concern.
- Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs
Microsoft released fixes for 137 CVEs, including 30 critical flaws, with 14 earning a 9.0 or higher CVSS severity rating. The company's AI bug hunting system, MDASH, found 16 of the vulnerabilities addressed in this month's release. Microsoft admins are expected to face a lot more work in applying and testing the patches.