Microsoft Security Response Center
@msrc.microsoft.com
We are the Microsoft Security Response Center. To report security vulnerabilities or abuse in Microsoft products, visit http://microsoft.com/en-us/msrc.
Join the Microsoft Security Response Center in London for our Researcher Celebration on Wednesday, December 10, from 4:30 – 9:00 PM.
You don’t have to be attending Black Hat Europe to participate. This event is open to all security researchers!
Apply now: microsoft.eventsair.com/msrcbh25/reg...
You don’t have to be attending Black Hat Europe to participate. This event is open to all security researchers!
Apply now: microsoft.eventsair.com/msrcbh25/reg...
November 26, 2025 at 4:56 PM
Join the Microsoft Security Response Center in London for our Researcher Celebration on Wednesday, December 10, from 4:30 – 9:00 PM.
You don’t have to be attending Black Hat Europe to participate. This event is open to all security researchers!
Apply now: microsoft.eventsair.com/msrcbh25/reg...
You don’t have to be attending Black Hat Europe to participate. This event is open to all security researchers!
Apply now: microsoft.eventsair.com/msrcbh25/reg...
We're proud to highlight the outstanding work of Cato and the partnership with Microsoft that made this research possible. Together, we've strengthened security for everyone, showing how collaboration leads to real-world impact.
🚨 Meet “HashJack” – a new AI browser assistant exploit discovered by Cato CTRL.
Hidden prompts after the “#” in URLs can hijack top industry trusted AI browser assistants to conduct malicious activities (see use cases below👇)
Read more: www.catonetworks.com/blog/cato-ct...
Hidden prompts after the “#” in URLs can hijack top industry trusted AI browser assistants to conduct malicious activities (see use cases below👇)
Read more: www.catonetworks.com/blog/cato-ct...
November 25, 2025 at 4:21 PM
We're proud to highlight the outstanding work of Cato and the partnership with Microsoft that made this research possible. Together, we've strengthened security for everyone, showing how collaboration leads to real-world impact.
Part 2 of our 3-part XSS series is live! Discover how XSS can be weaponized when chained with other vulnerabilities, turning a simple flaw into a gateway for serious exploits like token theft and remote code execution: msft.it/6015trH8L
November 18, 2025 at 9:44 PM
Part 2 of our 3-part XSS series is live! Discover how XSS can be weaponized when chained with other vulnerabilities, turning a simple flaw into a gateway for serious exploits like token theft and remote code execution: msft.it/6015trH8L
Security updates for November 2025 are now available! Details are here: msft.it/6018SZEg0
#PatchTuesday #SecurityUpdateGuide
#PatchTuesday #SecurityUpdateGuide
November 11, 2025 at 6:09 PM
Security updates for November 2025 are now available! Details are here: msft.it/6018SZEg0
#PatchTuesday #SecurityUpdateGuide
#PatchTuesday #SecurityUpdateGuide
During his BlueHat Asia opening remarks, Tom Gallagher, VP of Engineering, MSRC discussed how Asia is home to some of the world’s top security researchers, and we’re proud to recognize those who contribute to Microsoft products and services. We have over 40 MVRs past and present MVRs in attendance.
November 5, 2025 at 5:09 AM
During his BlueHat Asia opening remarks, Tom Gallagher, VP of Engineering, MSRC discussed how Asia is home to some of the world’s top security researchers, and we’re proud to recognize those who contribute to Microsoft products and services. We have over 40 MVRs past and present MVRs in attendance.
We hosted a pre-BlueHat Asia welcome reception this evening, giving our speakers, MSRC MVRs, and Microsoft team members a great opportunity to connect. A huge thank you to our presenters and MVRs for their role in making #BlueHatAsia a success!
November 4, 2025 at 5:03 PM
We hosted a pre-BlueHat Asia welcome reception this evening, giving our speakers, MSRC MVRs, and Microsoft team members a great opportunity to connect. A huge thank you to our presenters and MVRs for their role in making #BlueHatAsia a success!
At the Microsoft Security Response Center (MSRC), your feedback drives our innovation. Based on your input, we’ve introduced three new features designed to make your experience more efficient, transparent, and user-friendly.
Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
October 31, 2025 at 2:16 PM
At the Microsoft Security Response Center (MSRC), your feedback drives our innovation. Based on your input, we’ve introduced three new features designed to make your experience more efficient, transparent, and user-friendly.
Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
Ever wondered how Windows decides if a file path is local, intranet, or Internet, and why it matters for security? MSRC security researchers dive deep into MapUrlToZone (MUTZ).
Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
October 30, 2025 at 5:06 PM
Ever wondered how Windows decides if a file path is local, intranet, or Internet, and why it matters for security? MSRC security researchers dive deep into MapUrlToZone (MUTZ).
Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
MSRC websites and services are experiencing downstream impact related to the ongoing Azure outage. Additional updates can be found on the Azure status page: azure.status.microsoft/en-us/status
Azure status
Check the current Azure health status and view past incidents.
azure.status.microsoft
October 29, 2025 at 6:31 PM
MSRC websites and services are experiencing downstream impact related to the ongoing Azure outage. Additional updates can be found on the Azure status page: azure.status.microsoft/en-us/status
Microsoft has addressed CVE-2025-55315, a vulnerability related to HTTP request handling. This update strengthens security and helps reduce risks such as privilege escalation or SSRF.
Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
October 28, 2025 at 9:19 PM
Microsoft has addressed CVE-2025-55315, a vulnerability related to HTTP request handling. This update strengthens security and helps reduce risks such as privilege escalation or SSRF.
Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
Microsoft is expanding transparency in vulnerability management. We are now publishing VEX (Vulnerability Exploitability eXchange) attestations for third-party CVEs associated with the Azure Linux Distribution (formerly CBL-Mariner).
Learn why VEX matters in our blog post: msft.it/6014shEmn
Learn why VEX matters in our blog post: msft.it/6014shEmn
October 22, 2025 at 11:12 PM
Microsoft is expanding transparency in vulnerability management. We are now publishing VEX (Vulnerability Exploitability eXchange) attestations for third-party CVEs associated with the Azure Linux Distribution (formerly CBL-Mariner).
Learn why VEX matters in our blog post: msft.it/6014shEmn
Learn why VEX matters in our blog post: msft.it/6014shEmn
Congratulations to all the researchers recognized in this quarter’s MSRC 2025 Q3 Security Researcher Leaderboard! Thanks to all the researchers who partnered with us for your hard work and continued dedication to securing our customers.
Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
October 16, 2025 at 6:48 PM
Congratulations to all the researchers recognized in this quarter’s MSRC 2025 Q3 Security Researcher Leaderboard! Thanks to all the researchers who partnered with us for your hard work and continued dedication to securing our customers.
Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
Learn more in our blog post: www.microsoft.com/en-us/msrc/b...
Security updates for October 2025 are now available! Details are here: msft.it/6018SZEg0
#PatchTuesday #SecurityUpdateGuide
#PatchTuesday #SecurityUpdateGuide
October 14, 2025 at 6:35 PM
Security updates for October 2025 are now available! Details are here: msft.it/6018SZEg0
#PatchTuesday #SecurityUpdateGuide
#PatchTuesday #SecurityUpdateGuide