Security researcher and Microsoft Most Valuable Researcher (MVR) Tobias Diehl joins hosts Nic Fillingham and Wendy Zenone to talk about his journey from IT support to becoming a top contributor to the MSRC leaderboards. He shares insights from his latest Power Automate discovery, thoughts on AI security research, and what he’s bringing to the Zero Day Quest Onsite Hacking Event. Listen now: https://lnkd.in/gEc-TvV4
Microsoft Security Response Center
Computer and Network Security
Protecting customers and Microsoft from current and emerging threats related to security and privacy.
About us
The Microsoft Security Response Center (MSRC) is dedicated to safeguarding customers and Microsoft from security threats. With over two decades of experience, we focus on prevention, rapid defense, and community trust. Together, we’ll continue to protect our users and the broader ecosystem.
- Website
-
https://www.microsoft.com/en-us/msrc
External link for Microsoft Security Response Center
- Industry
- Computer and Network Security
- Company size
- 10,001+ employees
- Specialties
- Cybersecurity, Security response, Incident response, Bug bounty, Security research, and BlueHat
Updates
-
At the Zero Day Quest Onsite Hacking Event closing ceremony, held at the iconic Space Needle, we celebrated the outstanding achievements of the security research community. 𝗧𝗼𝗽 𝗿𝗲𝘀𝗲𝗮𝗿𝗰𝗵 𝗹𝗲𝗮𝗱𝗲𝗿𝘀 𝗯𝘆 𝗯𝗼𝘂𝗻𝘁𝘆 𝗰𝗮𝘁𝗲𝗴𝗼𝗿𝘆 𝗔𝘇𝘂𝗿𝗲+: Anonymous 𝗠𝟯𝟲𝟱+: Dylan Ryan-Zilavy & Railgun (Kunlun Lab) 𝗖𝗼𝗽𝗶𝗹𝗼𝘁: Jun Kokatsu 𝗠𝗼𝘀𝘁 𝘂𝗻𝗶𝗾𝘂𝗲 𝗰𝗮𝘀𝗲 Awarded to the participant who submitted the most creative and original case: Railgun (Kunlun Lab) – SharePoint Online SQL Injection 𝗦𝗵𝗮𝗿𝗲𝗣𝗼𝗶𝗻𝘁 𝗢𝗻𝗹𝗶𝗻𝗲 𝗖𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲 𝘄𝗶𝗻𝗻𝗲𝗿𝘀 Dylan Ryan-Zilavy & Railgun (Kunlun Lab) 𝗧𝗼𝗽 𝘁𝗵𝗿𝗲𝗲 𝗭𝗲𝗿𝗼 𝗗𝗮𝘆 𝗤𝘂𝗲𝘀𝘁 𝘄𝗶𝗻𝗻𝗲𝗿𝘀: 𝟭𝘀𝘁 𝗣𝗹𝗮𝗰𝗲: Anonymous 𝟮𝗻𝗱 𝗣𝗹𝗮𝗰𝗲: Yanir Tsarimi 𝟯𝗿𝗱 𝗣𝗹𝗮𝗰𝗲: Dylan Ryan-Zilavy Huge congratulations to all our winners and participants! Your efforts are shaping the future of Cloud and AI, and we cannot wait to see what you accomplish next. #ZeroDayQuest
-
-
Microsoft Security Response Center reposted this
Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center discovered post-compromise exploitation of CVE 2025-29824, a zero-day elevation of privilege vulnerability in the Windows Common Log File System (CLFS), against a small number of targets. The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in Saudi Arabia. Due to new mitigations introduced in Windows 11, version 24H2, the exploit only worked on prior Windows versions. Microsoft released security updates to address the vulnerability on April 8, 2025. We're sharing our analysis of the observed CLFS exploit and related activity, as well as indicators of compromise, and detection details, and hunting guidance to improve defenses against these attacks, and encourage rapid patching or other mitigations. https://msft.it/6049qIVTH
-
Security updates for April 2025 are now available! Details are here: https://msft.it/60119yPTS #PatchTuesday #SecurityUpdateGuide
-
-
That’s a wrap on the final day of the inaugural Zero Day Quest. Researchers hacked until the very last minute, 11:59 AM PT, bringing three days of collaboration, creativity, and bug hunting to an exciting close. Afterward, we explored the best of Seattle on a city tour, then capped it all off with an unforgettable evening reception and awards ceremony at the iconic Space Needle. Huge thanks to the Zero Day Quest security researchers and Microsoft employees who brought their skills, passion, and energy to this inaugural event. Winners were announced last night during our celebration at the Space Needle. Stay tuned, we’ll be sharing the overall and category award winners publicly soon! #ZeroDayQuest
-
After three intense days of hacking at #ZeroDayQuest, we hit some of the most iconic spots in Seattle before our final celebration at the Space Needle. Our global crew of security researchers soaked in the sights, snapping skyline photos, and strengthening the community that makes this work so powerful.
-
-
-
-
-
+1
-
-
Day 2 of #ZeroDayQuest brought together brilliant minds from around the world for more hands-on hacking and meaningful community connections. Catch the energy in our recap video! Tom Gallagher Jeremy Tinder Jarek Stanley Wendy Zenone Coby Abrams Marco Ivaldi
-
Day 2 of #ZeroDayQuest brought even more hacking, problem-solving, and unforgettable moments. We then went to Carmine’s for incredible food and even better conversation, connecting over exploits, defense strategies, and a shared passion for protecting customers.
-
-
-
-
-
+3
-
-
We're seeing pure adrenaline, incredible collaboration, and great mental stamina on full display at our first-ever Zero Day Quest Onsite Hacking Event. Whether you're participating or cheering from the sidelines, this recap is packed with the energy, highlights, and hacker spirit that defines the Zero Day Quest Onsite Hacking Event. Watch the Day 1 recap! #ZeroDayQuest
-
Day 1 of the Zero Day Quest Onsite Hacking Event is in the books and we’ve kicked off Day 2. We welcomed top security researchers from around the world to Microsoft’s Redmond campus for a day of live hacking, collaboration, and connection. Researchers worked side-by-side with Microsoft engineers and product teams to identify vulnerabilities across our AI and cloud platforms. Lots of amazing reports and discussions flowed throughout the day—with MSRC, product teams, and the researchers themselves all driving security forward together. After headshots and hacking, we wrapped the day with a Mariners vs. Tigers game in Seattle (tough loss, but the vibes were strong!). We’re incredibly grateful to the security researcher community. Your work makes a real impact in helping protect customers. #ZeroDayQuest
-
-
-
-
-
+4
-