Year: <span>2021</span>

Year: 2021

Uncategorized

Coordinated disclosure of vulnerability in Azure Container Instances Service

Microsoft recently mitigated a vulnerability reported by a security researcher in the Azure Container Instances (ACI) that could potentially allow a user to access other customers’ information in the ACI service. Our investigation surfaced no unauthorized access to customer data. Out of an abundance of caution we notified customers with containers running on the same clusters as the researchers via Service Health Notifications in the Azure Portal.

Uncategorized

Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature

On August 12, 2021, a security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook feature that could potentially allow a user to gain access to another customer’s resources by using the account’s primary read-write key. We mitigated the vulnerability immediately.
Our investigation indicates that no customer data was accessed because of this vulnerability by third parties or security researchers.

Uncategorized

Announcing the Launch of the Azure SSRF Security Research Challenge

Microsoft is excited to announce the launch of a new, three-month security research challenge under the Azure Security Lab initiative. The Azure Server-Side Request Forgery (SSRF) Research Challenge invites security researchers to discover and share high impact SSRF vulnerabilities in Microsoft Azure. Qualified submissions are eligible for bounty rewards up to $60,000 USD, with additional awards for identifying innovative or novel attack patterns.

Uncategorized

Point and Print Default Behavior Change

Our investigation into several vulnerabilities collectively referred to as “PrintNightmare” has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks.
Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges.

Uncategorized

Congratulations to the MSRC 2021 Most Valuable Security Researchers!

The MSRC Researcher Recognition Program offers public thanks and acknowledgement to the researchers who help protect customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s Most Valuable Security Researchers (MVRs) based on the impact, accuracy,