exploit

Today, we released Security Advisory 2794220 regarding an issue that impacts Internet Explorer 6, 7, and 8. We are only aware of a very small number of targeted attacks at this time. This issue allows remote code execution if users browse to a malicious website with an affected browser. This...

Revision Note: V1.0 (December 29, 2012): Advisory published. Summary: Microsoft is investigating public reports of a vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8. Internet Explorer 9 and Internet Explorer 10 are not affected by the vulnerability...

Resolves a vulnerability in the JScript and VBScript scripting engines on 64-bit versions of Microsoft Windows that could allow remote code execution if a user visited a specially crafted website. More...

Syndicated from the United States Security Readiness Team (US-CERT). Link Removed - Invalid URL

Severity Rating: Critical Revision Note: V1.0 (September 21, 2012): Bulletin published. Summary: This security update resolves one publicly disclosed and four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code...

Microsoft has released a Security Update to address a vulnerability in Internet Explorer 7, 8 and 9 on Windows XP, Vista and 7 Microsoft Security Advisory: Vulnerability in Internet Explorer could allow remote code execution Microsoft Security Advisory (2757760): Vulnerability in Internet...

We will release a Fix it in the next few days to address an issue in Internet Explorer, as outlined in the Security Advisory 2757760 that we released yesterday. While we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people, we are taking this...

Syndicated from the United States Security Readiness Team (US-CERT). Link Removed - Invalid URL

Severity Rating: Important Revision Note: V1.0 (September 11, 2012): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. The vulnerability could allow elevation of privilege if a user clicks...

Revision Note: V1.0 (August 20, 2012): Advisory published. Summary: Microsoft is aware that detailed exploit code has been published for known weaknesses in the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2). The MS-CHAP v2 protocol is widely used as an...

Severity Rating: Critical Revision Note: V2.1 (August 15, 2012): Corrected download links for Microsoft Groove Server 2007 and other Microsoft Office software. Added download links and update information for Microsoft Groove 2007. These are informational changes only. Customers who...

Severity Rating: Important Revision Note: V1.0 (August 14, 2012): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Visio...

One year ago this week we challenged the security community to take an unconventional focus on defensive innovation. We called that challenge the Link Removed due to 404 Error, and tomorrow night, we will award the grand prize of $200,000 to one of the finalists - Jared DeMott, Ivan Fratric, or...

(This pertains to windows 7) As title really, is it possible for a threat loaded from something like a web page or something else, to inject malicious dll's into existing legitimate windows processes ? And when i say existing processes i mean the processes and type of stuff that most people...

Resolves a vulnerability in Windows Media Player that could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. More...

Resolves vulnerabilities in Internet Information Services (IIS) that could allow remote code execution if a user received a specially crafted HTTP request. An attacker who successfully exploited this vulnerability could take complete control of an... More...

A vulnerability in Windows Shell could allow remote code execution. More...

Resolves a vulnerability in Microsoft Windows that could allow remote code execution if a user opens a file or directory with a specially crafted name. An attacker who successfully exploited this vulnerability could gain the same user rights as the... More...

Resolves a vulnerability in Microsoft Windows that could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit... More...

Severity Rating: Critical Revision Note: V1.0 (July 10, 2012): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views a specially crafted...