Security updates for June 2026 are now available. Details are here: msft.it/6018SZEg0 #PatchTuesday

The BlueHat Asia Call for Papers closes June 15. If you’ve been considering submitting, now’s the time: aka.ms/BlueHatAsiaCFP

Over the past several days, we have been listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile. We deeply value the security community, and will continue to take your feedback seriously. To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research. When an individual breaks the law and engages in malicious activity causing real harm to our customers, we will work with law enforcement as appropriate. We recognize the work that goes into researching and submitting a vulnerability. We are committed to approaching every interaction with transparency, clear communication, and professionalism. We continue to believe strongly in Coordinated Vulnerability Disclosure as the foundation for protecting customers and improving our products. Each year we process a high volume of vulnerability reports. That volume continues to grow and will continue with the rise of AI-enabled research. We acknowledge that some interactions have fallen short and are working to learn from them. Many of us have experience on both sides of this work, as researchers reporting vulnerabilities and as responders triaging and assessing them. That perspective informs how we approach this feedback and the importance we place on getting it right, particularly as the volume and complexity of research continues to grow. The security community plays a vital role in helping us protect customers. We are committed to maintaining a constructive and respectful relationship and growing together. We know that, given the nature of this work, there will at times be misunderstandings. We remain committed to engaging in good faith and to providing a respectful and professional experience for all researchers, regardless of past interactions.

BlueHat Asia is heading to Singapore on September 17–18! 👉Apply now for your chance to join us: aka.ms/bluehatreg Applications close July 17. #BlueHat

Less than one month to go ⏳ The BlueHat Asia Call for Papers closes June 15. Don't miss your chance to share your research! Submit your talk today: aka.ms/BlueHatAsiaCFP

Addressing Exchange Server May 2026 vulnerability CVE-2026-42897 | Microsoft Community Hub techcommunity.microsoft.com/…

Security updates for May 2026 are now available. Details are here: msft.it/6018SZEg0 This month’s release reflects a broader shift across the industry, with advances in automation, increased researcher participation, and the growing use of AI accelerating the discovery of vulnerabilities. As a result, security updates may continue to trend larger over time, while the process behind how Microsoft validates, prioritizes, and delivers fixes remains consistent. As discovery speeds up, the fundamentals matter more than ever. Stay current on patches, reduce exposure, strengthen identity protections, and invest in detection and response. Learn more in our blog post by Tom Gallagher, VP of Engineering, MSRC: msft.it/6011vP78L

Update to the Windows Insider Preview bounty program: General Awards for Elevation of Privilege and Information Disclosure are now split by finishing privilege, with award ranges increasing to $1,000–$8,000. This change is designed to better align rewards with the impact of reported vulnerabilities. Learn more on the Windows Insider Preview bounty page: msft.it/6018v3QZI

Day 2 at BlueHat 2026 wrapped with new learnings, fresh perspectives, and continued discussions across the security community. From Mark Russinvoch’s keynote to deep technical sessions, the focus stayed clear: advancing security, together. Take a look at some of the highlights from Day 2 ⬇️ #BlueHat

Day 2 is underway at BlueHat. Here’s a look back at Day 1. A strong start, with the security community coming together to connect, share insights, and tackle real-world challenges. Watch the highlights ⬇️ #BlueHat

RT @MSFTBlueHat: Thank you to everyone who joined us for day 1 of BlueHat 2026! We kicked things off with opening remarks from Tom Gallagh…

Thank you to our BlueHat speakers who joined us for the welcome reception this evening. We are looking forward to welcoming everyone tomorrow for the first day of BlueHat, along with the presentations and conversations that bring this community together. #BlueHat

We’ve updated the Microsoft 365 Insider Builds on Windows Bounty Program to better recognize impactful research and improve the submission experience for our community. What’s new: • Added Information Disclosure as an eligible impact category • Increased awards for Security Feature Bypass to align with top General Award levels • Introduced three new high‑impact scenarios, with awards of $30K, $20K, and $20K • Maintained the $30K award for unauthenticated, non‑sandboxed code execution with no user interaction These updates reflect feedback from researchers and help ensure the program continues to reward high‑impact research while strengthening protections for customers. Learn more: microsoft.com/en-us/msrc/bou…

At BlueHat Asia, Cameron Vincent (@SecretlyHidden1), Senior Security Researcher, MSRC and Brian McNulty, MSRC Summer Intern, walk through real-world variant hunting inside MSRC, including: • Common multi-tenant authorization pitfalls • What not to trust in JWT claims • How tools like Impostor help uncover risk at scale Watch the full session and explore the slides to dive deeper into the research and practical guidance: youtube.com/watch?v=LykXwP4k… Want to speak at BlueHat Asia? Submit your talk by June 15: aka.ms/BlueHatAsiaCFP

Have a lovely night connecting with MSRC team and MVRs, thanks @msftsecresponse for inviting me to attend Black Hat Asia and MSRC Researcher Celebration😊”trust me, we all love MSRC” — via Yuki Chen

Thank you to everyone who joined us for the MSRC Researcher Celebration at Black Hat Asia. It was great to connect with so many in the community and spend time sharing ideas and conversations. We appreciate the collaboration that drives this work forward and look forward to what we’ll build together next.

Collaboration with the security research community continues to strengthen protection for customers. Read how Harun's journey from his first report to Most Valuable Researcher highlights the real-world impact of cloud security research and coordinated vulnerability disclosure: msft.it/6012vE1zy

New research ready to share? Submit to BlueHat Asia by June 15: aka.ms/BlueHatAsiaCFP