Microsoft Security Response Center

The Microsoft Security Response Center (MSRC) identifies, monitors, responds to and resolves security incidents and vulnerabilities in Microsoft software.

Microsoft Security Response Center

  • Security Advisory 3046015 released

    Today, we released Security Advisory 3046015 to provide guidance to customers in response to the SSL/TLS issue referred to by researchers as “FREAK” (Factoring attack on RSA-EXPORT Keys).

    Our investigation continues and we’ll take the necessary steps to protect our customers.

    MSRC Team

  • February 2015 Updates

    Today, as part of Update Tuesday, we released nine security bulletins – three rated Critical and six rated Important in severity, to address 56 unique Common Vulnerabilities and Exposures (CVEs) in ....

  • January 2015 Updates

    Today, as part of Update Tuesday, we released eight security updates – one rated Critical and seven rated Important in severity, to address eight unique Common Vulnerabilities and Exposures (CVEs) in ....

  • A Call for Better Coordinated Vulnerability Disclosure

    For years our customers have been in the trenches against cyberattacks in an increasingly complex digital landscape. We’ve been there with you, as have others. And we aren’t going anywhere.  Forces often seek to undermine and disrupt technology and people, attempting to weaken the very devices and services people have come to depend on and trust. Just as malicious acts are planned, so too are counter-measures implemented by companies like Microsoft. These efforts aim to protect everyone against a broad spectrum of activity ranging from phishing scams that focus on socially engineered trickery, to sophisticated attacks by persistent and determined adversaries. (And yes, people have a role to play – strong passwords, good policies and practices, keeping current to the best of your ability, detection and response, etc. But we’ll save those topics for another day).     

    With all that is going on, this is a time for security researchers and software companies to come together and not stand divided over important protection strategies, such as the disclosure of vulnerabilities and the remediation of them.. 

    ..

  • Evolving Microsoft's Advance Notification Service in 2015

    Our Advance Notification Service (ANS) was created more than a decade ago as part of Update Tuesday to broadly communicate in advance, about the security updates being released for Microsoft products and services each month. Over the years, technology environments and customer needs have evolved, prompting us to evaluate our existing information and distribution channels. This desire to improve is why customers may have seen us introduce myBulletins to provide bulletin reports tailored to customer preferences, discontinue the Deployment Priority matrix in favor of the Exploitability Index, modify the Exploitability Index to account for more threat scenarios, simplify security bulletin content to help customer understanding, and create a centralized glossary for bulletin definitions. The change being announced today fits within that context...

  • December 2014 Updates

    Today, as part of Update Tuesday, we released seven security updates – three rated Critical and four rated Important in severity, to address 24 unique Common Vulnerabilities and Exposures (CVEs) in .....

  • Advance Notification Service for the December 2014 Security Bulletin Release

    Today, we provide advance notification for the release of seven Security Bulletins. Three of these updates are rated Critical and four are rated as Important in severity. These updates are for ....

  • Security Bulletin MS14-068 released

    Today, we released an out-of-band security update to address a vulnerability in Kerberos which could allow Elevation of Privilege. This update is for all supported versions...

  • Out-of-band release for Security Bulletin MS14-068

    On Tuesday, November 18, 2014, at approximately 10 a.m. PST, we will release an out-of-band security update to address a vulnerability in Windows....

  • November 2014 Updates

    Today, as part of Update Tuesday, we released 14 security updates – four rated Critical, nine rated Important, and two rated Moderate, to address 33 Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor (IME) (Japanese), and Kernel Mode Driver (KMD). We encourage you to apply all of these updates, but...