{“lastseen”:”2025-08-25T21:43:58″,”description”:”At Microsoft, securing the ecosystem means more than just fixing bugs\u2014it means proactively hunting for variant classes, identifying systemic weaknesses, and working across teams to protect customers before attackers ever get the chance. This blog highlights one such effort: a deep dive into the risks of misconfigured postMessage handlers across Microsoft services and how MSRC worked with engineering teams to mitigate them.”,”published”:”2025-08-25T07:00:00″,”modified”:”2025-08-25T07:00:00″,”type”:”msrc”,”title”:”postMessaged and Compromised”,”source”:””,”references”:””,”id”:”MSRC:057D60C825C8870C92426F28F976CA16″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/msrc.microsoft.com\/blog\/2025\/08\/postmessaged-and-compromised\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-08-25T21:43:58″,”description”:”At Microsoft, securing the ecosystem means more than just fixing bugs\u2014it means proactively hunting for variant classes, identifying systemic weaknesses, and working across teams to…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,146,13,33,7,11,5],"class_list":["post-14261","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-msrc","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n