Microsoft Security Risk Detection is Ready for Customers

Microsoft Security Risk Detection is Now Generally Available

Microsoft Security Risk Detection, a new Azure-hosted “whitebox fuzzing” service, is ready to ship to customers after several months of external testing. It will be generally available later this summer.

Previously codenamed Project Springfield, Microsoft Security Risk Detection (MSRD) began life inside Microsoft Research over ten years ago. It was designed to seek out the vulnerabilities in Microsoft’s software that hackers would later try to find and exploit so that the software giant could fix them preemptively. It was battle-tested by the Windows team and other groups within Microsoft. And now, with Satya Nadella’s rise to CEO, it has matured from an internal tool to a shipping product.

Microsoft first announced MSRD at Ignite 2016 last September, when it asked for external help testing the service. Over 11,000 potential testers signed up during the week of Ignite alone, I was told, and Microsoft selected an unknown number of customers—DocuSign, OSIsoft, and Deschutes Brewing among them—for real-world testing.

MSRD works like an automated “super debugger,” project lead David Molnar told me this week, examining software binaries as they run and probing for vulnerabilities. This means that it doesn’t need source code access, which makes it safe for customers to deploy from the public cloud. And because it is a public cloud service, MSRD doesn’t require developers to have any particular security expertise.

Molnar said that MSRD contains two big breakthroughs. The super debugger provides time travel-like benefits that help organizations step back through running code and find out where and when vulnerabilities were exploitable. And it utilizes constraint-solving AI routines to more efficiently determine the correct path for its probes. By comparison, hackers typically use brute-force, randomized attacks that are far less efficient.

At a high level, MSRD “reads the mind and sees into the soul of the running program,” Molnar said.

MSRD will be expanded to other public clouds in the future—think Azure Stack—and Microsoft plans to add Linux software scanning in the near future as well. You can sign up for the Linux preview now.

“Linux is a priority for our customers because they run mission critical software on that platform,” Mr. Molnar noted. “These systems have to stay up, so anything that crashes is a much bigger issue.”

You can find out more about MSRD at the Microsoft Security Risk Detection website.

Paul Thurrott is an award-winning technology journalist and blogger with over 20 years of industry experience and the author of over 25 books. He is the News Director for the Petri IT Knowledgebase, the major domo at, and the co-host of three tech podcasts: Windows Weekly with Leo Laporte and Mary Jo Foley, What the Tech with Andrew Zarian, and First Ring Daily with Brad Sams. He was formerly the senior technology analyst at Windows IT Pro and the creator of the SuperSite for Windows.