exploitation

Severity Rating: Important Revision Note: V1.0 (April 14, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could leverage a known invalid task to cause Task Scheduler to run a...

Original release date: April 13, 2015 Systems Affected Misconfigured Domain Name System (DNS) servers that respond to global Asynchronous Transfer Full Range (AXFR) requests. Overview A remote unauthenticated user may request a DNS zone transfer from a public-facing DNS server. If...

Severity Rating: Critical Revision Note: V1.0 (March 10, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An...

Severity Rating: Critical Revision Note: V1.0 (February 10, 2015): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. A remote code execution vulnerability exists in how group policy receives and applies connection data when a...

Severity Rating: Important Revision Note: V1.0 (November 11, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could run arbitrary script in...

Severity Rating: Important Revision Note: V1.0 (November 11, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Internet Microsoft Information Services (IIS) that could lead to a bypass of the "IP and domain restrictions" security feature...

Original release date: October 27, 2014 Systems Affected Microsoft Windows Overview Since mid-October 2014, a phishing campaign has targeted a wide variety of recipients while employing the Dyre/Dyreza banking malware. Elements of this phishing campaign vary from target to target including...

Original release date: October 17, 2014 Systems Affected All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this...

Severity Rating: Important Revision Note: V1.0 (October 14, 2014): Bulletin published. Summary: This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if an attacker convinces a user to open a specially crafted...

Severity Rating: Important Revision Note: V1.0 (August 12, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow security feature bypass if a user visits a specially crafted website. In a...

Severity Rating: Critical Revision Note: V1.0 (August 12, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that...

Severity Rating: Important Revision Note: V1.0 (August 12, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft OneNote. The vulnerability could allow remote code execution if a specially crafted file is opened in an affected version...

Severity Rating: Important Revision Note: V1.0 (August 12, 2014): Bulletin published. Summary: This security update resolves one privately reported vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could use a specially crafted...

Original release date: January 13, 2014 | Last revised: February 05, 2014 Systems Affected NTP servers Overview A Network Time Protocol (NTP) Amplification attack is an emerging form of Distributed Denial of Service (DDoS) that relies on the use of publically accessible NTP servers to...

Severity Rating: Critical Revision Note: V2.0 (January 14, 2014): Rereleased bulletin to announce the reoffering of the 2862330 update to systems running Windows 7 or Windows Server 2008 R2. See the Update FAQ for details. Summary: This security update resolves seven privately reported...

:eek: :headache: :shocked:

Severity Rating: Important Revision Note: V1.0 (December 10, 2013): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Windows. The vulnerability could allow elevation of privilege if an attacker sends a specially crafted LPC port message to any LPC...

Revision Note: V1.0 (November 27, 2013): Advisory published. Summary: Microsoft is investigating new reports of a vulnerability in a kernel component of Windows XP and Windows Server 2003. We are aware of limited, targeted attacks that attempt to exploit this vulnerability. Continue reading...

Severity Rating: Critical Revision Note: V1.0 (August 13, 2013): Bulletin published. Summary: This security update resolves a privately reported vulnerability in the Unicode Scripts Processor included in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed a...

Severity Rating: Critical Revision Note: V1.0 (July 9, 2013): Bulletin published. Summary: This security update resolves two publicly disclosed and six privately reported vulnerabilities in Microsoft Windows. The most severe vulnerability could allow remote code execution...