attack

Severity Rating: Important Revision Note: V1.0 (December 13, 2011): Bulletin published. Summary: This security update resolves a privately reported vulnerability in all supported editions of Windows XP and Windows Server 2003. This security update is rated Important for all...

Severity Rating: Important Revision Note: V1.0 (December 13, 2011): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged-on user...

Severity Rating: Important Revision Note: V1.0 (December 13, 2011): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected...

Severity Rating: Important Revision Note: V1.0 (December 13, 2011): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected...

Revision Note: V1.3 (November 8, 2011): Added link to MAPP Partners with Updated Protections in the Executive Summary. Revised impact statement for the workaround, Deny access to T2EMBED.DLL, to address a reoffer issue on Windows XP and Windows Server 2003. Also, revised the mitigating factors...

Resolves a vulnerability in the MHTML protocol handler in Windows that could allow information disclosure if a user opens a specially crafted URL from an attacker's website. More...

Severity Rating: Critical Revision Note: V1.0 (November 8, 2011): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow...

Revision Note: V1.0 (November 3, 2011): Advisory published. Summary: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode...

Resolves a vulnerability in Active Directory Certificate Services Web Enrollment that could allow elevation of privilege and enable an attacker to execute arbitrary commands on the site in the context of the target user. Link Removed

Severity Rating: Important Revision Note: V1.0 (October 11, 2011): Bulletin published. Summary: This security update resolves a privately reported vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if...

Severity Rating: Important Revision Note: V1.0 (October 11, 2011): Bulletin published. Summary: This security update resolves a privately reported vulnerability in the Microsoft Active Accessibility component. The vulnerability could allow remote code execution if an...

Hello. Today we released Security Advisory 2588513, addressing an information-disclosure issue in SSL (Secure Sockets Layer) 3.0 and TLS (Transport Layer Security) 1.0 to provide guidance for customers. This is an industry-wide issue with limited impact that affects the Internet ecosystem as a...

ST. PETERSBURG — The vampire attacked just before midnight on the porch of a vacant Hooters. Read Full Story: Link Removed due to 404 Error

Revision Note: Advisory published Summary: Microsoft is aware that research was published at a security conference proving a successful attack against X.509 digital certificates signed using the MD5 hashing algorithm. This attack method would allow an attacker to generate additional...

Severity Rating: Important Revision Note: V1.0 (September 13, 2011): Bulletin published. Summary: This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user...

Revision Note: V3.0 (April 14, 2009) Advisory updated to reflect publication of security bulletin. Summary: Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file...

Revision Note: V1.0 (December 8, 2009): Advisory published. Summary: This advisory addresses the potential for attacks that affect the handling of credentials using Integrated Windows Authentication (IWA), and the mechanisms Microsoft has made available for customers to help protect...

Revision Note: V1.0 (August 10, 2010): Advisory published. Summary: Microsoft is aware of the potential for attacks that leverage the Windows Service Isolation feature to gain elevation of privilege. This advisory discusses potential attack scenarios and provides suggested actions that...

Revision Note: V3.0 (September 6, 2011): Revised to announce the release of an update that addresses this issue. Summary: Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root...

Severity Rating: Critical Revision Note: V1.1 (April 20, 2011): Bulletin updated to clarify that the JScript 5.8 and VBScript 5.8 update (KB2510531) also replaces MS09-045, in addition to MS10-022, for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and...