Named Top Microsoft Office Researcher by MSRC (2023)

The Microsoft Security Response Center (MSRC) announced the 2023 Most Valuable Security Researchers, recognising the top vulnerability researchers who reported high-impact security issues across Microsoft products during the July 2022 – June 2023 reporting period.

TecSecurity founder Rocco Calvi (@TecR0c) was named one of the top three Microsoft Office researchers for the year:

Congratulations to the top Office researchers this year: Mat Powell working with Trend Micro Zero Day Initiative, zcgonvh, Rocco Calvi (@TecR0c)!

What This Covers

The recognition reflects a sustained research effort targeting Microsoft’s Office suite – Excel, Word, and the broader Office graphics and document processing stack. Over the qualifying period, we reported 16 vulnerabilities to Microsoft across these products, spanning remote code execution, memory corruption, and information disclosure classes.

Every finding was the result of manual binary analysis and targeted fuzzing of Office file format parsers. These are among the most heavily audited codebases in the world, yet persistent manual review continues to surface exploitable flaws that automated tooling alone does not catch.

Advisories

Our published Microsoft Office advisories are available in the advisory index. They include:

• Multiple Excel and Word remote code execution vulnerabilities
• Office memory corruption flaws in document and graphics parsing
• Information disclosure issues leaking sensitive data via crafted documents

Each advisory includes CVE identifiers, CVSS scoring, and disclosure timelines.

References

• MSRC 2023 Most Valuable Security Researchers
• MSRC Researcher Spotlight: Rocco Calvi

• Microsoft
• Msrc
• Office
• Excel
• Word
• Recognition