disclosure

Windows 11’s August cumulative update set off an alarm in enthusiast circles when a string of reproducible tests showed NVMe SSDs vanishing under sustained large writes — but the emerging, vendor‑validated explanation reframes the catastrophe as a narrower supply‑chain and firmware‑provenance...

AI chatbots are now answering more questions — and, according to a fresh NewsGuard audit, they are also repeating falsehoods far more often, producing inaccurate or misleading content in roughly one out of every three news‑related responses during an August 2025 audit cycle. Background The...

A Southern California resident has filed a lawsuit seeking to stop Microsoft from turning off routine, free security updates for Windows 10 on October 14, 2025 — a challenge that reframes a routine product‑lifecycle milestone as a flashpoint for questions about planned obsolescence, consumer...

This week, we released the first Beta preview of the next version of Microsoft Edge. Alongside this, Microsoft is excited to announce the launch of the Microsoft Edge Insider Bounty Program. We welcome researchers to seek out and disclose any high impact vulnerabilities they may find in the next...

We deeply appreciate the partnership of the many talented security researchers who report vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure. We pay bounties for research in key areas, and each year at Black Hat USA, we’ve recognized the most impactful researchers helping...

There are many dedicated people and organizations who contribute to the protection and security of our common customers. For years, Microsoft has recognized security researchers for helping protect the ecosystem. Now, we’re announcing the launch of a new program to better recognize and thank...

Revision Note: V1.0 (June 13, 2017): Advisory published Summary: Microsoft is announcing the availability of additional guidance for critical security updates, that are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures. Some of the releases are...

Revision Note: V1.0 (September 24, 2015): Advisory published. Summary: Microsoft is aware of four digital certificates that were inadvertently disclosed by D-Link Corporation that could be used in attempts to spoof content. The disclosed end-entity certificates cannot be used to issue other...

Severity Rating: Important Revision Note: V1.0 (March 10, 2015): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker runs a specially crafted application on an...

Severity Rating: Important Revision Note: V1.0 (March 10, 2015): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing a specially crafted...

Link Removed

For years our customers have been in the trenches against cyberattacks in an increasingly complex digital landscape. We’ve been there with you, as have others. And we aren’t going anywhere. Forces often seek to undermine and disrupt technology and people, attempting to weaken the very devices...

Severity Rating: Important Revision Note: V1.0 (December 9, 2014): Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing specially crafted...

Today, we released Link Removed to address a vulnerability in Secure Sockets Layer (SSL) 3.0 which could allow information disclosure. This is an industry-wide vulnerability that affects the protocol itself, and is not specific to Microsoft’s implementation of SSL or the Windows operating...

Link Removed

Severity Rating: Important Revision Note: V1.1 (June 12, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes". Summary: This security update resolves one privately reported vulnerability in Windows Kernel. The vulnerability could...

Severity Rating: Important Revision Note: V1.0 (April 9, 2013): Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Office. The vulnerability could allow elevation of privilege if an attacker sends specially crafted...

Severity Rating: Moderate Revision Note: V1.0 (November 13, 2012): Bulletin published. Summary: This security update resolves two privately reported vulnerabilities in Microsoft Internet Information Services (IIS). The more severe vulnerability could allow information...

Today we released Security Advisory 2755801 that addresses vulnerabilities in Adobe Flash Player in Internet Explorer 10 on Windows 8. The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically...

Severity Rating: Important Revision Note: V1.0 (July 10, 2012): Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in TLS. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served...