Today we released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. An attacker could cause remote code execution if someone was convinced to open a specially crafted Rich...
There are times when we get too close to a topic. We familiarize ourselves with every aspect and nuance, but fail to recognize not everyone else has done the same. Whether you consider this myopia, navel-gazing, or human nature, the effect is the same. I recognized this during the recent webcast...
Severity Rating: Important
Revision Note: V1.1 (July 9, 2013): Bulletin revised to announce a detection change in the Windows Vista packages for the 2579686 update to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their...
Severity Rating: Critical
Revision Note: V2.1 (July 9, 2013): Bulletin revised to announce a detection change that excludes Windows 7 language packs from the 2485376 update for Windows XP Professional x64 Edition Service Pack 2. This is a detection change only. Customers who have already...
Revision Note: V1.0 (May 14, 2013): Advisory published.
Summary: Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft. The update addresses a...
Severity Rating: Critical
Revision Note: V1.0 (July 9, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted media...
Original release date: May 14, 2013
Systems Affected
Microsoft Windows
Internet Explorer
Microsoft .NET Framework
Microsoft Lync
Microsoft Office
Microsoft Windows Essentials
Overview
Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates...
We have updated Security Advisory 2847140 to include an easy, one-click Fix it to address the known attack vectors. The Fix it is available to all customers and helps prevent known attacks that leverage the vulnerability to execute code and should not affect your ability to browse the Web...
Original release date: April 10, 2013
Systems Affected
Microsoft Windows
Microsoft Remote Desktop Client
Microsoft Antimalware Client
Microsoft Sharepoint
Overview
Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these...
Severity Rating: Important
Revision Note: V1.0 (April 9, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in the Microsoft Antimalware Client. The vulnerability could allow elevation of privilege due to the pathnames used...
Severity Rating: Critical
Revision Note: V1.0 (March 12, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if an attacker hosts a website that...
Original release date: March 05, 2013
Systems Affected
Any system using Oracle Java 7, 6, 5 (1.7, 1.6, 1.5) including
Java Platform Standard Edition 7 (Java SE 7)
Java Platform Standard Edition 6 (Java SE 6)
Java Platform Standard Edition 6 (Java SE 5)
Java SE Development Kit (JDK...
Severity Rating: Critical
Revision Note: V1.1 (January 8, 2013): Corrected download links for Microsoft XML Core Services 3.0 on Windows Server 2003 with SP2 for Itanium-based Systems and for Microsoft XML Core Services 6.0 when installed on Windows Server 2003 with SP2 for...
We have updated Security Advisory 2749920 to include the Fix it we discussed in Saturday’s blog post. This easy, one-click Fix it is available to everyone and prevents the vulnerability from being used for code execution without affecting your ability to browse the Web. Additionally...
Revision Note: V1.0 (July 10, 2012): Advisory published.
Summary: Microsoft is announcing the availability of an automated Microsoft Fix it solution that disables the Windows Sidebar and Gadgets on supported editions of Windows Vista and Windows 7. Disabling the Windows Sidebar and...
Revision Note: V1.0 (June 12, 2012): Advisory published.
Summary: Microsoft is investigating reports of a vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user views a specially crafted web page using Internet Explorer. An attacker...
Severity Rating: Critical
Revision Note: V1.0 (June 12): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in the Remote Desktop Protocol. The vulnerability could allow remote code execution if an attacker sends a sequence of...
Severity Rating: Critical
Revision Note: V1.0 (March 13, 2012): Bulletin published.
Summary: This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an...