2021 年 11 月 10 日 (日本時間)、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ
We’re Excited to Announce the Launch of Comms Hub!
We are excited to announce the launch of Comms Hub to the Researcher Portal submission experience! With this launch, security researchers will be able to streamline communication with MSRC case SPMs (case managers), attach additional files, track case and bug bounty status all in the Researcher Portal.
Summary – What is Comms Hub?
Microsoft のバグハンティング:脆弱性発見者へのインタビューとMSRCについて ~ CODE BLUE Open Talkより
より安全で安心な製品やサービスを提供するために、マイクロソフトでは、マイクロソフトの製品やサービスに
New High Impact Scenarios and Awards for the Azure Bounty Program
Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research community, and an important part of Microsoft’s holistic approach to defending against security threats.
Congratulations to the Top MSRC 2021 Q3 Security Researchers!
Congratulations to all the researchers recognized in this quarter’s MSRC Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2021 Q3 Security Researcher Leaderboard are: BugHunter010 (840
Power Platform is Here! Introducing the Dynamics 365 and Power Platform Bug Bounty Program
Microsoft is excited to announce the addition of Power Platform to the newly rebranded Dynamics 365 and Power Platform Bounty Program.
Through this expanded program, we encourage researchers to discover and report high impact security vulnerabilities they may find in the new Power Platform scope to help protect customers. We offer awards up to $20,000 USD for eligible submissions.
Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions
Last updated on October 5, 2021: See revision history located at the end of the post for changes.
On September 14, 2021, Microsoft released fixes for three Elevation of Privilege (EoP) vulnerabilities and one unauthenticated Remote Code Execution (RCE) vulnerability in the Open Management Infrastructure (OMI) framework: CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, and CVE-2021-38647, respectively.
2021 年 9 月のセキュリティ更新プログラム (月例)
更新 9 月 17 日: 9 月の月例セキュリティ更新日に公開した Open Management Infrastructure (OMI) の脆弱性 CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, CVE-2021-38647 に関して、追加のガイダン