{"id":35024,"date":"2022-08-04T06:34:46","date_gmt":"2022-08-04T06:34:46","guid":{"rendered":"https:\/\/harchi90.com\/the-microsoft-team-racing-to-catch-bugs-before-they-happen\/"},"modified":"2022-08-04T06:34:46","modified_gmt":"2022-08-04T06:34:46","slug":"the-microsoft-team-racing-to-catch-bugs-before-they-happen","status":"publish","type":"post","link":"https:\/\/harchi90.com\/the-microsoft-team-racing-to-catch-bugs-before-they-happen\/","title":{"rendered":"The Microsoft Team Racing to Catch Bugs Before They Happen"},"content":{"rendered":"
\n

As a rush<\/span> of cybercriminals, state-backed hackers, and scammers continue to flood the zone with digital attacks and aggressive campaigns worldwide, it’s no surprise that the maker of the ubiquitous Windows operating system is focused on security defense. Microsoft’s Patch Tuesday update releases frequently contain fixes for critical vulnerabilities, including those that are actively being exploited by attackers out in the world.<\/p>\n

The company already has the requisite groups to hunt for weaknesses in its code (the \u201cred team\u201d) and develop mitigations (the \u201cblue team\u201d). But recently, that format evolved again to promote more collaboration and interdisciplinary work in the hopes of Known as Microsoft Offensive Research & Security Engineering, or Morse, the department combines the red team, blue team, and so-called green team, which focuses on finding flaws or taking weaknesses the red team has found and fixing them more systemically through changes to how things are done within an organization.<\/p>\n

\u201cPeople are convinced that you cannot move forward without investing in security,\u201d says David Weston, Microsoft’s vice president of enterprise and operating system security who’s been at the company for 10 years. \u201cI’ve been in security for a very long time. For most of my career, we were thought of as annoying. Now, if anything, leaders are coming to me and saying, ‘Dave, am I OK? Have we done everything we can?’ That’s been a significant change.\u201d<\/p>\n

Morse has been working to promote safe coding practices across Microsoft so fewer bugs end up in the company’s software in the first place. OneFuzz, an open source Azure testing framework, allows Microsoft developers to be constantly, automatically pelting their code with all sorts of unusual use cases to ferret out flaws that wouldn’t be noticeable if the software was only being used exactly as intended.<\/p>\n

The combined team has also been at the forefront of promoting the use of safer programming languages \u200b\u200b(like Rust) across the company. And they’ve advocated embedding security analysis tools directly into the real software compiler used in the company’s production workflow. That change has been impactful, Weston says, because it means developers aren’t doing hypothetical analysis in a simulated environment where some bugs might be overlooked at a step removed from real production.<\/p>\n

The Morse team says the shift toward proactive security has led to real progress. In a recent example, Morse members were vetting historic software\u2014an important part of the group’s job, since so much of the Windows codebase was developed before these expanded security reviews. While examining how Microsoft had implemented Transport Layer Security 1.3, the foundational cryptographic protocol used across networks like the internet for secure communication, Morse discovered a remotely exploitable bug that could have allowed attackers to access targets’ devices.<\/p>\n

As Mitch Adair, Microsoft’s principal security lead for Cloud Security, put it: \u201cIt would have been as bad as it gets. TLS is used to secure basically every single service product that Microsoft uses.\u201d<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

As a rush of cybercriminals, state-backed hackers, and scammers continue to flood the zone with digital attacks and aggressive campaigns worldwide, it’s no surprise that the maker of the ubiquitous Windows operating system is focused on security defense. Microsoft’s Patch Tuesday update releases frequently contain fixes for critical vulnerabilities, including those that are actively being …<\/p>\n

The Microsoft Team Racing to Catch Bugs Before They Happen<\/span> Read More »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[4],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":35622,"url":"https:\/\/harchi90.com\/almost-two-years-after-apples-m1-launch-microsoft-teams-goes-native\/","url_meta":{"origin":35024,"position":0},"title":"Almost two years after Apple’s M1 launch, Microsoft Teams goes native","date":"August 4, 2022","format":false,"excerpt":"enlarge \/ Microsoft Teams running on a Mac.Microsoft Microsoft has announced plans to roll out an Apple Silicon-native version of Microsoft Teams, but the release isn't going to happen overnight. In a blog post on its website, Microsoft claims the update will offer \"a significant boost in performance\" to users\u2026","rel":"","context":"In "Technology"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":41413,"url":"https:\/\/harchi90.com\/microsoft-open-sources-its-3d-emoji-to-let-creators-remix-and-customize-them\/","url_meta":{"origin":35024,"position":1},"title":"Microsoft open sources its 3D emoji to let creators remix and customize them","date":"August 10, 2022","format":false,"excerpt":"Microsoft is open sourcing more than 1,500 of its 3D emoji, making them free for creators to remix and build upon. Almost all of Microsoft's 1,538 emoji library will be available on Figma and GitHub starting today in a move that Microsoft hopes will encourage more creativity and inclusivity in\u2026","rel":"","context":"In "Technology"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6658,"url":"https:\/\/harchi90.com\/systemd-creator-lands-at-microsoft\/","url_meta":{"origin":35024,"position":2},"title":"Systemd Creator Lands At Microsoft","date":"July 7, 2022","format":false,"excerpt":"Yesterday's surprise was that Lennart Poettering quietly had left Red Hat following a decade and a half there leading PulseAudio among other projects and ultimately going on to start systemd that has fundamentally reshaped modern Linux distributions. It turns out he had joined Microsoft and continuing his work on systemd.\u2026","rel":"","context":"In "Technology"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6911,"url":"https:\/\/harchi90.com\/avoid-these-toll-fraud-apps-on-android\/","url_meta":{"origin":35024,"position":3},"title":"Avoid These ‘Toll Fraud’ Apps on Android","date":"July 7, 2022","format":false,"excerpt":"photo: Stokkete (Shutterstock)Older Android phones are a known security risk, but recent research from Microsoft's 365 Defender Research Team shows just how vulnerable the outdated devices are vulnerable to a serious form of malware known as \u201ctoll fraud.\u201dToll fraud malware hides in normal-looking apps, quietly signing up users for premium\u2026","rel":"","context":"In "Technology"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":14046,"url":"https:\/\/harchi90.com\/microsoft-patch-tuesday-july-2022-edition-krebs-on-security\/","url_meta":{"origin":35024,"position":4},"title":"Microsoft Patch Tuesday, July 2022 Edition \u2013 Krebs on Security","date":"July 14, 2022","format":false,"excerpt":"Microsoft today released updates to fix at least 86 security vulnerabilities in its windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a\u2026","rel":"","context":"In "Technology"","img":{"alt_text":"","src":"https:\/\/i0.wp.com\/krebsonsecurity.com\/wp-content\/uploads\/2022\/07\/winupdatedate.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":19910,"url":"https:\/\/harchi90.com\/the-surface-headphones-2-are-getting-bluetooth-teams-certification\/","url_meta":{"origin":35024,"position":5},"title":"The Surface Headphones 2+ are getting Bluetooth Teams certification","date":"July 20, 2022","format":false,"excerpt":"Microsoft is soon going to be rolling out a firmware update for the Surface Headphones 2+, adding Teams certification when using them over Bluetooth. This should enhance the experience when partaking in Teams calls and meetings if you forget the dongle for the headphones. For context, the Surface Headphones 2+\u2026","rel":"","context":"In "Technology"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"fifu_image_url":"https:\/\/media.wired.com\/photos\/62eaa3f0a8cfdad40f878cc0\/191:100\/w_1280,c_limit\/Microsoft-Bugs-Security-Alamy-FCE79X.jpg","_links":{"self":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/35024"}],"collection":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/comments?post=35024"}],"version-history":[{"count":0,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/35024\/revisions"}],"wp:attachment":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/media?parent=35024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/categories?post=35024"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/tags?post=35024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}