Microsoft Security Response Center

The Microsoft Security Response Center (MSRC) identifies, monitors, responds to and resolves security incidents and vulnerabilities in Microsoft software.

Microsoft Security Response Center

  • June 2015 Updates

    Today, as part of Update Tuesday, we released 8 security bulletins .... 

  • May 2015 Updates

    Today, as part of Update Tuesday, we released 13 security bulletins ....

  • Microsoft Bounty Programs Expansion – Azure and Project Spartan

    I am excited to announce significant expansions to the Microsoft Bounty Programs.  We are evolving the 'Online Services Bug Bounty, launching a new bounty for Project Spartan, and updating the Mitigation Bypass Bounty ....

  • April 2015 Updates

    Today, as part of Update Tuesday, we released 11 security bulletins ....

  • March 2015 Updates

    Today, as part of Update Tuesday, we released 14 security bulletins to address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Exchange, and Internet Explorer ....

  • Security Advisory 3046015 released

    Today, we released Security Advisory 3046015 to provide guidance to customers in response to the SSL/TLS issue referred to by researchers as “FREAK” (Factoring attack on RSA-EXPORT Keys).

    Our investigation continues and we’ll take the necessary steps to protect our customers.

    MSRC Team

  • February 2015 Updates

    Today, as part of Update Tuesday, we released nine security bulletins – three rated Critical and six rated Important in severity, to address 56 unique Common Vulnerabilities and Exposures (CVEs) in ....

  • January 2015 Updates

    Today, as part of Update Tuesday, we released eight security updates – one rated Critical and seven rated Important in severity, to address eight unique Common Vulnerabilities and Exposures (CVEs) in ....

  • A Call for Better Coordinated Vulnerability Disclosure

    For years our customers have been in the trenches against cyberattacks in an increasingly complex digital landscape. We’ve been there with you, as have others. And we aren’t going anywhere.  Forces often seek to undermine and disrupt technology and people, attempting to weaken the very devices and services people have come to depend on and trust. Just as malicious acts are planned, so too are counter-measures implemented by companies like Microsoft. These efforts aim to protect everyone against a broad spectrum of activity ranging from phishing scams that focus on socially engineered trickery, to sophisticated attacks by persistent and determined adversaries. (And yes, people have a role to play – strong passwords, good policies and practices, keeping current to the best of your ability, detection and response, etc. But we’ll save those topics for another day).     

    With all that is going on, this is a time for security researchers and software companies to come together and not stand divided over important protection strategies, such as the disclosure of vulnerabilities and the remediation of them.. 


  • Evolving Microsoft's Advance Notification Service in 2015

    Our Advance Notification Service (ANS) was created more than a decade ago as part of Update Tuesday to broadly communicate in advance, about the security updates being released for Microsoft products and services each month. Over the years, technology environments and customer needs have evolved, prompting us to evaluate our existing information and distribution channels. This desire to improve is why customers may have seen us introduce myBulletins to provide bulletin reports tailored to customer preferences, discontinue the Deployment Priority matrix in favor of the Exploitability Index, modify the Exploitability Index to account for more threat scenarios, simplify security bulletin content to help customer understanding, and create a centralized glossary for bulletin definitions. The change being announced today fits within that context...