mitigations

  1. AA20-120A: Microsoft Office 365 Security Recommendations

    Original release date: April 29, 2020. Summary: As organizations adapt or change their enterprise collaboration capabilities to meet “telework” requirements, many organizations are migrating to Microsoft Office 365 (O365) and other cloud collaboration services. Due to the speed of these...
  2. AA20-031A: Detecting Citrix CVE-2019-19781

    Original release date: January 31, 2020. Summary: Unknown cyber network exploitation (CNE) actors have successfully compromised numerous organizations that employed vulnerable Citrix devices through a critical vulnerability known as CVE-2019-19781. Though mitigations were released...
  3. TA18-004A: Meltdown and Spectre Side-Channel Vulnerability Guidance

    Original release date: January 04, 2018. Systems Affected: CPU hardware implementations. Overview: On January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of security vulnerabilities—known as Meltdown and Spectre—that affect modern...
  4. Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer

    Today, Google Project Zero published details of a class of vulnerabilities which can be exploited by speculative execution side-channel attacks. These techniques can be used via JavaScript code running in the browser, which may allow attackers to gain access to memory in the attacker’s process...
  5. TA16-250A: The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations

    Original release date: September 06, 2016 | Last revised: September 28, 2016. Systems Affected: Network Infrastructure Devices. Overview: The advancing capabilities of organized hacker groups and cyber adversaries create an increasing global threat to information systems. The rising threat...
  6. Bountycraft at Nullcon 2017

    Security is a critical component of our products at Microsoft. A strong emphasis on security is a persistent factor throughout our entire development process. Microsoft is committed to designing and developing secure software. Testing is performed both internally and by working closely with the...
  7. TA14-318A: Microsoft Secure Channel (Schannel) Vulnerability (CVE-2014-6321)

    Original release date: November 14, 2014. Systems Affected: Microsoft Windows Vista, 7, 8, 8.1, RT, and RT 8.1; Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2; Microsoft Windows XP and 2000 may also be affected. Overview: A critical vulnerability in...
  8. Announcing the Microsoft Bounty Programs

    Over the years, we've put a lot of work into helping secure the computing ecosystem and limiting the number of issues in our products. The security researcher community is critical to these efforts, as they help us find vulnerabilities in our software that we may have missed. Now we're taking...
  9. Microsoft Releases Security Advisory 2847140

    Today, we released Security Advisory 2847140 regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically...
  10. Microsoft Releases Security Advisory 2794220

    Today, we released Security Advisory 2794220 regarding an issue that impacts Internet Explorer 6, 7, and 8. We are only aware of a very small number of targeted attacks at this time. This issue allows remote code execution if users browse to a malicious website with an affected browser. This...
  11. Microsoft Releases Security Advisory 2757760

    Today we released Security Advisory 2757760 to address an issue that affects Internet Explorer 9 and earlier versions if a user views a website hosting malicious code. Internet Explorer 10 is not affected. We have received reports of only a small number of targeted attacks and are working to...
  12. Certificate Trust List update and the June 2012 bulletins

    For Update Tuesday we’re releasing seven security bulletins – three Critical-class and four Important – addressing 26 unique CVEs to further improve the security postures of Microsoft Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the Microsoft .NET Framework. In...
  13. A look back at 2011’s security landscape

    Hi everyone – Mike Reavey here. Today, we’re releasing our December set of security updates. As we do every month, we're providing a heads-up on what’s coming in this month’s release as well as offering links to more information so you can plan your deployment. However...
  14. Microsoft Security Advisory (954157): Security Enhancements for the Indeo Codec - Version: 1.0

    Revision Note: V1.0 (December 8, 2009): Advisory published. Summary: Microsoft is announcing the availability of an update that provides security mitigations to the Indeo codec on supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. More...
  15. Microsoft Security Advisory (980088): Vulnerability in Internet Explorer Could Allow Information Dis

    Revision Note: V1.2 (June 9, 2010): Added information about MS10-035 and clarified a FAQ entry about the caching vector. Summary: Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet...
  16. Microsoft Security Advisory (2488013): Vulnerability in Internet Explorer Could Allow Remote Code Ex

    Revision Note: V1.3 (January 11, 2011): Revised the workaround, Prevent the recursive loading of CSS style sheets in Internet Explorer, to add the impact for the workaround. Summary: Microsoft is investigating new, public reports of limited attacks attempting to exploit a vulnerability in all...
  17. Microsoft Security Advisory (2488013): Vulnerability in Internet Explorer Could Allow Remote Code Ex

    Revision Note: V1.3 (January 11, 2011): Revised the workaround, Prevent the recursive loading of CSS style sheets in Internet Explorer, to add the impact for the workaround. Advisory Summary: Microsoft is investigating new, public reports of limited attacks attempting to exploit a vulnerability...
  18. Microsoft Security Advisory (2488013): Vulnerability in Internet Explorer Could Allow Remote Code Ex

    Revision Note: V1.2 (January 11, 2011): Added the workaround, Prevent the recursive loading of CSS style sheets in Internet Explorer, and revised Executive Summary to reflect investigation of limited attacks. Advisory Summary: Microsoft is investigating new, public reports of targeted attacks...
  19. Microsoft Security Advisory (2488013): Vulnerability in Internet Explorer Could Allow Remote Code Ex

    Revision Note: V1.0 (December 22, 2010): Advisory published. Advisory Summary: Microsoft is investigating new, public reports of a vulnerability in all supported versions of Internet Explorer. The main impact of the vulnerability is remote code execution. This advisory contains workarounds and...
  20. Microsoft Security Advisory (2458511): Vulnerability in Internet Explorer Could Allow Remote Code Ex

    Revision Note: V1.1 (November 3, 2010): Added the opening of HTML mail in the Restricted sites zone as a mitigating factor, the automated Microsoft Fix it solution to the CSS workaround, and a finder acknowledgment. Removed reading e-mail in plain text as a workaround. Also clarified content in...