Learn What IT Pros Need to Know About Windows 11 - August 24th at 1 PM ET! Learn What IT Pros Need to Know About Windows 11 - August 24th at 1 PM ET!
Microsoft Azure|Security

Microsoft Security Risk Detection is Ready for Customers

Microsoft Security Risk Detection is Now Generally Available

Microsoft Security Risk Detection, a new Azure-hosted “whitebox fuzzing” service, is ready to ship to customers after several months of external testing. It will be generally available later this summer.

Previously codenamed Project Springfield, Microsoft Security Risk Detection (MSRD) began life inside Microsoft Research over ten years. It was designed to seek out the vulnerabilities in Microsoft’s software that hackers would later try to find and exploit so that the software giant could fix them preemptively. It was battle-tested by the Windows team and other groups within Microsoft. And now, with Satya Nadella’s rise to CEO, it has matured from an internal tool to a shipping product.

Microsoft first announced MSRD at Ignite 2016 last September, when it asked for external help testing the service. Over 11,000 potential testers signed up during the week of Ignite alone, I was told, and Microsoft selected an unknown number of select customers—DocuSign, OSIsoft, and Deschutes Brewing among them—for real-world testing.

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

MSRD works like an automated “super debugger,” project lead David Molnar told me this week, examining software binaries as they run and probing for vulnerabilities. This means that it doesn’t need source code access, which makes it safe for customers to deploy from the public cloud. And because it is a public cloud service, MSRD doesn’t require developers to have any particular security expertise.

Molnar said that MSRD contains two big breakthroughs. The super debugger provides time travel-like benefits that help organizations step back through running code and find out where and when vulnerabilities were exploitable. And it utilizes constraint solving AI routines to more efficiently determine the correct path for its probes. By comparison, hackers typically use brute force, randomized attacks that are far less efficient.

At a high level, MSRD “reads the mind and sees into the soul of the running program,” Molnar said.

MSRD will be expanded to other public clouds in the future—think Azure Stack—and Microsoft plans to add Linux software scanning in the near future as well.  You can sign-up for the Linux preview now.

“Linux is a priority for our customers because they run mission critical software on that platform,” Mr. Molnar noted. “These systems have to stay up, so anything that crashes is a much bigger issue.”

You can find out more about MSRD at the Microsoft Security Risk Detection website.


Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Paul Thurrott is an award-winning technology journalist and blogger with over 20 years of industry experience and the author of over 25 books. He is the News Director for the Petri IT Knowledgebase, the major domo at Thurrott.com, and the co-host of three tech podcasts: Windows Weekly with Leo Laporte and Mary Jo Foley, What the Tech with Andrew Zarian, and First Ring Daily with Brad Sams. He was formerly the senior technology analyst at Windows IT Pro and the creator of the SuperSite for Windows.

Register for Advanced Microsoft 365 Day!

GET-IT: Advanced Microsoft 365 1-Day Virtual Conference - Live August 24th!

Join us on Tuesday, August 24th and hear from Microsoft MVPs and industry experts about how to take advantage of Microsoft 365 at a technical level and dive deep into the features and functionality that will make your environment more secure and compliant.


Sponsored By