cve

Original release date: May 12, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector...

Revision Note: V1.1 (May 10, 2017): Advisory revised to include a table of issue CVEs and their descriptions. This is an informational change only. Summary: Microsoft is releasing this security advisory to provide information about vulnerabilities in the public .NET Core and ASP.NET Core. This...

This is the first of a series of blog entries to give some insight into the Microsoft Security Response Center (MSRC) business and how we work with security researchers and vulnerability reports. The Microsoft Security Response Center actively recognizes those security researchers who help us...

Original release date: June 13, 2017 Systems Affected Networked Systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the...

The Link Removed has been in public preview since November 2016. This month marked our first release when security update information was published entirely in the new format. Over the last few months, customers and partners have provided a lot of feedback on the direction and implementation of...

Severity Rating: Important Revision Note: V1.1 (October 11, 2016): Bulletin revised to correct a CVE ID. CVE-2016-7191 has been changed to CVE-2016-7211. This is an informational change only. Customers who have successfully installed the updates do not need to take any further action. Summary...

Severity Rating: Moderate Revision Note: V1.0 (October 11, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user of an affected system to visit a...

Severity Rating: Critical Revision Note: V1.0 (October 11, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Silverlight and Microsoft Lync. The most serious of these vulnerabilities could allow remote...

Severity Rating: Critical Revision Note: V1.0 (June 16, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10...

Severity Rating: Important Revision Note: V1.0 (July 14, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs a specially crafted...

Today, as part of Update Tuesday, we released 14 security bulletins to address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Exchange, and Internet Explorer. We encourage customers to apply all of these updates. For more information about this month’s security updates...

Today, as part of Update Tuesday, we released nine security bulletins – three rated Critical and six rated Important in severity, to address 56 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software. We...

Original release date: November 19, 2014 Systems Affected Microsoft Windows Vista, 7, 8, and 8.1 Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2 Overview A remote escalation of privilege vulnerability exists in implementations of Kerberos Key Distribution...

Today, as part of Update Tuesday, we released 14 security updates – four rated Critical, nine rated Important, and two rated Moderate, to address 33 Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office, .NET Framework, Internet Information Services...

Severity Rating: Important Revision Note: V1.0 (October 14, 2014): Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in ASP.NET MVC. The vulnerability could allow security feature bypass if an attacker convinces a user to click a specially crafted link...

Today, as a part of our regular Update Tuesday process, we released four security bulletins – one rated Critical and three rated Important in severity – to address 42 Common Vulnerabilities & Exposures (CVEs) in Microsoft Windows, Internet Explorer, .NET Framework, and Lync Server. We encourage...

Severity Rating: Critical Revision Note: V1.0 (August 12, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that...

Many around the globe have been following the 2014 FIFA World Cup Brazil™ closely. Regardless of which country you are supporting, many folks have been impressed by the defensive display put on by keeper Tim Howard in a loss against Belgium. It was a great performance highlighting a strong...

As security professionals, we are trained to think in worst-case scenarios. We run through the land of the theoretical, chasing “what if” scenarios as though they are lightning bugs to be gathered and stashed in a glass jar. Most of time, this type of thinking is absolutely the correct thing...

T. S. Elliot once said, “What we call the beginning is often the end. And to make an end is to make a beginning. The end is where we start from.” So as we put one season to bed, let’s start another by looking at the April security updates. Today, we release four bulletins to address 11 CVEs in...