postMessaged and Compromised
MSRC
2025-08-25 15:00:00
收藏
At Microsoft, securing the ecosystem means more than just fixing bugs—it means proactively hunting for variant classes, identifying systemic weaknesses, and working across teams to protect customers before attackers ever get the chance. This blog highlights one such effort: a deep dive into the risks of misconfigured postMessage handlers across Microsoft services and how MSRC worked with engineering teams to mitigate them.
目录
最新
- Why XSS still matters: MSRC’s perspective on a 25-year-old threat
- BlueHat Asia 2025: Closing soon: Submit your papers by September 14, 2025
- postMessaged and Compromised
- Zero Day Quest: Join the largest hacking event with up to $5 million in total bounty awards
- .NET Bounty Program now offers up to $40,000 in awards
- .NET Bounty Program now offers up to $40,000 in awards
- How Microsoft defends against indirect prompt injection attacks
- Customer guidance for SharePoint vulnerability CVE-2025-53770