Microsoft Security Response Center

Addressing Exchange Server May 2026 vulnerability CVE-2026-42897 | Microsoft Community Hub techcommunity.microsoft.com/blog/Exchange/…

@i_am_vishh Nice work Vishal!

Exited to share that I received $4000 for finding a Stored XSS in Azure Cloud 🤗 @msftsecresponse

@devangsolankii Congrats Devang! Thanks for all your hard work.

I woke up to a $2500 bounty from @msftsecresponse today! #BugBounty #MicrosoftCorporation

Security updates for May 2026 are now available. Details are here: msft.it/6018SZEg0 This month’s release reflects a broader shift across the industry, with advances in automation, increased researcher participation, and the growing use of AI accelerating the discovery of vulnerabilities. As a result, security updates may continue to trend larger over time, while the process behind how Microsoft validates, prioritizes, and delivers fixes remains consistent. As discovery speeds up, the fundamentals matter more than ever. Stay current on patches, reduce exposure, strengthen identity protections, and invest in detection and response. Learn more in our blog post by Tom Gallagher, VP of Engineering, MSRC: msft.it/6011vP78L

Update to the Windows Insider Preview bounty program: General Awards for Elevation of Privilege and Information Disclosure are now split by finishing privilege, with award ranges increasing to $1,000–$8,000. This change is designed to better align rewards with the impact of reported vulnerabilities. Learn more on the Windows Insider Preview bounty page: msft.it/6018v3QZI

@priyanshu_itech We'll see you in Vegas!

Honored to receive an invitation from the @msftsecurity (MSRC) for their security research experience during Black Hat USA 2026 in Las Vegas. Looking forward to contributing Microsoft. #CyberSecurity #MSRC #SecurityResearch #BlackHatUSA #MicrosoftSecurity

Day 2 at BlueHat 2026 wrapped with new learnings, fresh perspectives, and continued discussions across the security community. From Mark Russinvoch’s keynote to deep technical sessions, the focus stayed clear: advancing security, together. Take a look at some of the highlights from Day 2 ⬇️ #BlueHat

Day 2 is underway at BlueHat. Here’s a look back at Day 1. A strong start, with the security community coming together to connect, share insights, and tackle real-world challenges. Watch the highlights ⬇️ #BlueHat

RT @MSFTBlueHat: Thank you to everyone who joined us for day 1 of BlueHat 2026! We kicked things off with opening remarks from Tom Gallagh…

Thank you to our BlueHat speakers who joined us for the welcome reception this evening. We are looking forward to welcoming everyone tomorrow for the first day of BlueHat, along with the presentations and conversations that bring this community together. #BlueHat

@wunderwuzzi23 Always a pleasure, Johann!

And shout out to MSRC for the collaboration throughout the process. 🙌

DEF CON Singapore talk write-up on hacking Microsoft Copilot(s)(CVE-2026-24299) embracethered.com/blog/posts/202…

@coolbrolly It'll be worth the trip! Hope you can make it.

Got an invite from @msftsecresponse for a researcher meeting during BlackHat 2026! 🎉 How thoughtful of them to acknowledge all that under-the-radar "collaboration". Though Vegas seems like a bit too much (away) for a quick coffee or two. 😅 #MSRC #Cybersecurity

@xhacking_z Congrats, Omar! See you in Vegas.

Really happy to be invited to the MSRC Security Researcher Celebration during Black Hat USA 2026 🥹❤️ Grateful to Microsoft Security Response Center for this opportunity 🙏🇪🇬 @msftsecresponse #MSRC #BlackHat2026 #BugBounty #CyberSecurity #InfoSec

@matrixm0x1 We'll see you soon!

I’m excited to be invited to a special researcher event with the @msftsecresponse at Black Hat USA 2026 in Las Vegas. Looking forward to learning more and connecting with the security community. Thank you to @Microsoft for the opportunity. See you in Las Vegas🔥

@Ky0toFu Congratulations!

Honored to be recognized on the MSRC 2026 Q1 Security Researcher Leaderboard. Grateful to MSRC for the recognition and the invitation to its Security Researcher Celebration during Black Hat USA 2026. #MSRC #BlackHat2026 #BugBounty #CyberSecurity #InfoSec

@merrickhare Every vuln is vital, and we truly appreciate your hard work. We're ready for your next submission!

Never thought I would find anything but having a moderate severity bug confirmed and a potential fix in June is rewarding. No bounty for this one but still grateful to be validated by @msftsecresponse

@d3sca Impressive find! Congrats, Mustafa.

Huge thanks to @msftsecresponse for the bounty Had found a reeeeeaaalllllyyy coool bug in Microsoft. The chain on this one was wild. Can’t wait for the responsible disclosure to clear so I can drop the writeup. Get ready for the deep dive. #msrc #BugBounty #infosec #Microsoft

We’ve updated the Microsoft 365 Insider Builds on Windows Bounty Program to better recognize impactful research and improve the submission experience for our community. What’s new: • Added Information Disclosure as an eligible impact category • Increased awards for Security Feature Bypass to align with top General Award levels • Introduced three new high‑impact scenarios, with awards of $30K, $20K, and $20K • Maintained the $30K award for unauthenticated, non‑sandboxed code execution with no user interaction These updates reflect feedback from researchers and help ensure the program continues to reward high‑impact research while strengthening protections for customers. Learn more: microsoft.com/en-us/msrc/bou…