attacker

Resolves a vulnerability in Windows DNS resolution that could allow remote code execution if an attacker gained access to the network and then created a custom program to send specially crafted LLMNR broadcast queries to the target systems. More...

Resolves vulnerabilities in Microsoft Windows that could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. More...

Severity Rating: Important Revision Note: V1.0 (February 14, 2012): Bulletin published. Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a...

Severity Rating: Critical Revision Note: V1.1 (December 30, 2011): Added entry to the Update FAQ to address security-related changes to functionality contained in this update and added mitigation for CVE-2011-3414 Summary: This security update resolves one publicly...

Resolves vulnerabilities in Microsoft Windows that could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. More...

Severity Rating: Critical Revision Note: V1.1 (April 13, 2011): Clarified the vulnerability description in the Executive Summary. Summary: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The...

Severity Rating: Important Revision Note: V1.1 (June 15, 2011): Clarified the XSS Filter mitigation. Summary: This security update resolves a privately reported vulnerability in Active Directory Certificate Services Web Enrollment. The vulnerability is a cross-site...

Severity Rating: Critical Revision Note: V1.0 (July 12, 2011): Bulletin published. Summary: This security update resolves a privately reported vulnerability in the Windows Bluetooth Stack. The vulnerability could allow remote code execution if an attacker sent a series of...

Severity Rating: Important - Revision Note: V1.0 (August 9, 2011): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate Excel file (such as a .xlsx file)...

Severity Rating: Important - Revision Note: V1.0 (August 9, 2011): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft Report Viewer. The vulnerability could allow information disclosure if a user views a specially crafted Web page. In all...

Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event...

Plug and Prey: Malicious USB Devices

Resolves vulnerabilities in Windows that could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. More...

Severity Rating: Important - Revision Note: V1.0 (July 12, 2011): Bulletin published.Summary: This security update resolves 15 privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and...

Severity Rating: Important - Revision Note: V1.0 (July 12, 2011): Bulletin published.Summary: This security update resolves five privately reported vulnerabilities in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS). The vulnerabilities could allow elevation of privilege if an...

Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in the Windows Bluetooth Stack. The vulnerability could allow remote code execution if an attacker sent a series of specially crafted Bluetooth packets to an affected system. An attacker could...

Bulletin Severity Rating:Important - This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker's web site. An attacker would...

Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in the Microsoft Distributed File System (DFS). The more severe of these vulnerabilities could allow remote code execution when an attacker sends a specially crafted DFS response to a...

Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in...

Severity Rating: Important - Revision Note: V1.0 (April 12, 2011): Bulletin published.Summary: This security update resolves thirty privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially...