attack vector

Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of...

Severity Rating: Critical Revision Note: V1.0 (September 13, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet...

Severity Rating: Critical Revision Note: V1.0 (January 12, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet...

Severity Rating: Important Revision Note: V1.0 (July 14, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows graphics component fails to properly process bitmap conversions. An...

Severity Rating: Critical Revision Note: V1.0 (November 11, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows. The vulnerability could allow remote code execution if an...

Revision Note: V1.0 (October 14, 2014): Advisory published Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0, affecting the Windows operating system. This vulnerability affects the protocol itself and is not...

Revision Note: V1.0 (October 14, 2014): Advisory published Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0, affecting the Windows operating system. This vulnerability affects the protocol itself and is not...

Severity Rating: Revision Note: V18.0 November 13, 2012): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-074, "Vulnerabilities in .NET Framework Could Allow Remote Code Execution." Summary: Microsoft is aware that research has...

Original release date: February 20, 2013 Systems Affected Any system using Oracle Java including JDK and JRE 7 Update 13 and earlier JDK and JRE 6 Update 39 and earlier JDK and JRE 5.0 Update 39 and earlier SDK and JRE 1.4.2_41 and earlier Web browsers using the Java plug-in are at...

Severity Rating: Critical Revision Note: V1.1 (January 8, 2013): Corrected download links for Microsoft XML Core Services 3.0 on Windows Server 2003 with SP2 for Itanium-based Systems and for Microsoft XML Core Services 6.0 when installed on Windows Server 2003 with SP2 for...

Severity Rating: Critical Revision Note: V1.0 (November 13, 2012): Bulletin published. Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user browses to a specially...

Severity Rating: Critical Revision Note: V1.0 (July 10, 2012): Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user views a specially...

Revision Note: V15.0 (March 13, 2012): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-022, "Vulnerability in Expression Design Could Allow Remote Code Execution." Summary: Microsoft is aware that research has been...

Resolves vulnerabilities in Windows Task Scheduler that could allow elevation of privilege if an attacker logged on to an affected system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on... More...

Severity Rating: Important Revision Note: V1.0 (January 10, 2012): Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to the Windows...

Severity Rating: Critical Revision Note: V1.2 (October 25, 2011): Announced a change to detection logic and corrected bulletin replacement information for some affected configurations. There were no changes to the security update files. See the Update FAQ for details...

Severity Rating: Important Revision Note: V1.0 (October 11, 2011): Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in Windows Media Center. The vulnerability could allow remote code execution if an attacker convinces a user to...

Revision Note: V1.0 (September 26, 2011): Advisory published. Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0 and TLS 1.0, affecting the Windows operating system. This vulnerability affects the...

Severity Rating: Important Revision Note: V1.2 (June 14, 2011): Announced that the updates for Microsoft Office for Mac, which were not available when the bulletin was originally published, are now available in bulletin MS11-045. Also, for both vulnerabilities addressed by this...

Severity Rating: Critical - Revision Note: V1.0 (August 9, 2011): Bulletin published.Summary: This security update resolves two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker registers a domain...