Severity Rating: Critical
Revision Note: V1.0 (March 10, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An...
Severity Rating: Critical
Revision Note: V1.0 (February 10, 2015): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. A remote code execution vulnerability exists in how group policy receives and applies connection data when a...
Severity Rating: Important
Revision Note: V1.0 (November 11, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could run arbitrary script in...
Severity Rating: Important
Revision Note: V1.0 (November 11, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Internet Information Services (IIS) that could lead to a bypass of the "IP and domain restrictions" security feature...
Original release date: October 27, 2014
Systems Affected
Microsoft Windows
Overview
Since mid-October 2014, a phishing campaign has targeted a wide variety of recipients while employing the Dyre/Dyreza banking malware. Elements of this phishing campaign vary from target to target including...
Original release date: October 17, 2014
Systems Affected
All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this...
Severity Rating: Important
Revision Note: V1.0 (October 14, 2014): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if an attacker convinces a user to open a specially crafted...
Severity Rating: Important
Revision Note: V1.0 (August 12, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow security feature bypass if a user visits a specially crafted website. In a...
Severity Rating: Critical
Revision Note: V1.0 (August 12, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that...
Severity Rating: Important
Revision Note: V1.0 (August 12, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft OneNote. The vulnerability could allow remote code execution if a specially crafted file is opened in an affected version...
Severity Rating: Important
Revision Note: V1.0 (August 12, 2014): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could use a specially crafted...
Original release date: January 13, 2014 | Last revised: February 05, 2014
Systems Affected
NTP servers
Overview
A Network Time Protocol (NTP) Amplification attack is an emerging form of Distributed Denial of Service (DDoS) that relies on the use of publicly accessible NTP servers to...
Severity Rating: Critical
Revision Note: V2.0 (January 14, 2014): Rereleased bulletin to announce the reoffering of the 2862330 update to systems running Windows 7 or Windows Server 2008 R2. See the Update FAQ for details.
Summary: This security update resolves seven privately reported...
Severity Rating: Important
Revision Note: V1.0 (December 10, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Windows. The vulnerability could allow elevation of privilege if an attacker sends a specially crafted LPC port message to any LPC...
Revision Note: V1.0 (November 27, 2013): Advisory published.
Summary: Microsoft is investigating new reports of a vulnerability in a kernel component of Windows XP and Windows Server 2003. We are aware of limited, targeted attacks that attempt to exploit this vulnerability.
Severity Rating: Critical
Revision Note: V1.0 (August 13, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in the Unicode Scripts Processor included in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed a...
Severity Rating: Critical
Revision Note: V1.0 (July 9, 2013): Bulletin published.
Summary: This security update resolves two publicly disclosed and six privately reported vulnerabilities in Microsoft Windows. The most severe vulnerability could allow remote code execution...
Severity Rating: Important
Revision Note: V1.2 (June 18, 2013): Bulletin revised to announce a detection change in the security update for 2839229 to address the known issue documented in Microsoft Knowledge Base Article 2839229. This is a detection change only. Customers who have...
Original release date: June 18, 2013 | Last revised: June 19, 2013
Systems Affected
Any system using Oracle Java, including:
JDK and JRE 7 Update 21 and earlier
JDK and JRE 6 Update 45 and earlier
JDK and JRE 5.0 Update 45 and earlier
JavaFX 2.2.21 and earlier
Website owners that host...
Severity Rating: Important
Revision Note: V1.1 (June 12, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
Summary: This security update resolves one privately reported vulnerability in Windows Kernel. The vulnerability could...