Severity Rating: Important - Revision Note: V1.0 (June 14, 2011): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery...
Last summer at the Black Hat security conference, we announced a philosophical shift in how we refer to vulnerability disclosure, called "Coordinated Vulnerability Disclosure" (CVD). Our intent was to focus on how coordination and collaboration are required to resolve security issues in a way...
Tags: attacks, collaboration, community, computing, coordination, cvd, development, disclosure, ecosystem, feedback, management, microsoft, msvr, policies, protocol, research, risk, security, trustworthy, vulnerability
Revision Note: V2.0 (April 12, 2011): Advisory updated to reflect publication of security bulletin. Advisory Summary: Microsoft has completed the investigation into public reports of this vulnerability. We have issued MS11-026 to address this issue. For more information about this issue...
Revision Note: V1.1 (March 11, 2011): Revised Executive Summary to reflect investigation of limited, targeted attacks. Advisory Summary: Microsoft has completed the investigation into public reports of this vulnerability. We have issued MS11-026 to address this issue. For more information about...
Bulletin Severity Rating: Important - This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file or if a user opens a...
Severity Rating: Important - Revision Note: V1.0 (February 8, 2011): Bulletin published. Summary: This security update resolves a privately reported vulnerability in the JScript and VBScript scripting engines. The vulnerability could allow information disclosure if a user visited a specially...
Bulletin Severity Rating: Important - This security update resolves a privately reported vulnerability in the JScript and VBScript scripting engines. The vulnerability could allow information disclosure if a user visited a specially crafted Web site. An attacker would have no way to force users...
Revision Note: V1.0 (January 28, 2011): Advisory published. Advisory Summary: Microsoft is investigating new public reports of a vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various...
Tags: advisory, attack, disclosure, editions, exploitation, impact, information, malicious, microsoft, proof-of-concept, published, reports, revision, scripts, security, supported, vulnerability, websites, windows, xss
Hello. Today we're releasing [link removed], which describes a publicly disclosed scripting vulnerability affecting all versions of Microsoft Windows. The main impact of the vulnerability is unintended information disclosure. We're aware of published information and proof-of-concept...
Tags: advisory, blog, collaboration, cross-site scripting, defense, disclosure, exploit, fix-it, html, internet explorer, mhtml, microsoft, protocol, research, security, threat, update, user information, vulnerability, workaround
Revision Note: V2.0 (September 28, 2010): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-070 to address this issue. For more information about this issue, including...
Revision Note: V2.0 (September 28, 2010): Advisory updated to reflect publication of security bulletin. Advisory Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-070 to address this issue. For more information about this issue...
Today, Microsoft is announcing a shift in philosophy on how we approach the topic of vulnerability disclosure, reframing the practice of "Responsible Disclosure" to "Coordinated Vulnerability Disclosure." In recognition of the endless debate between responsible disclosure and full disclosure...
Next week, many of us here will be heading down to Las Vegas for Black Hat. The MSRC, and other teams in Microsoft, have been attending Black Hat for years. In fact, we've been sponsoring the show for the last eight years - the last five as a platinum sponsor. Some might ask why...
Tags: attacks, black hat, bluehat, collaboration, community, coordinated disclosure, crisis management, disclosure, fixit, microsoft, msrc, network protection, research, security, telemetric, threat landscape, training, trustworthy computing, update, vulnerabilities
Hi everyone,
Today we released [link removed] describing a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework. At this time we are not aware of any attacks using this vulnerability and we encourage customers to review the advisory for...
Tags: advisory, asp.net, blog, communication, configuration, customers, defense, disclosure, dotnet, framework, investigation, mitigations, protection, research, risk, script, security, update, vulnerability, workarounds
Hi everyone -
We've just updated [link removed] as we've begun to see limited attacks with the ASP.NET vulnerability. We have added questions and answers and encourage customers to review this information and evaluate it for their environment.
We have also added additional...
Tags: advisory, answers, asp.net, attacks, blog, community, defense, disclosure, exploitation, guidance, information, microsoft, questions, risk, security, technical, trustworthy computing, update, vulnerability
Bulletin Severity Rating: Important - This security update resolves a publicly disclosed vulnerability in ASP.NET. The vulnerability could allow information disclosure. An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the...
Revision Note: V1.2 (September 24, 2010): Added an entry to the FAQ to announce a revision to the workaround, "Enable a UrlScan or Request Filtering rule, enable ASP.NET custom errors, and map all error codes to the same error page." Customers who have already applied the workaround should...
Revision Note: V1.0 (September 17, 2010): Advisory published. Advisory Summary: Microsoft is investigating a new public report of a vulnerability in ASP.NET. An attacker who exploited this vulnerability could view data, such as the View State, which was encrypted by the target server, or read...
Bulletin Severity Rating: Important - This security update resolves one publicly disclosed and four privately reported vulnerabilities in the Windows kernel-mode drivers. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and...