mitigations

Original release date: November 14, 2014 Systems Affected Microsoft Windows Vista, 7, 8, 8.1, RT, and RT 8.1 Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2 Microsoft Windows XP and 2000 may also be affected. Overview A critical vulnerability in...

Over the years, we've put a lot of work into helping secure the computing ecosystem and limiting the number of issues in our products. The security researcher community is critical to these efforts, as they help us find vulnerabilities in our software that we may have missed. Now we're taking...

Today, we released Security Advisory 2847140 regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically...

Today, we released Security Advisory 2794220 regarding an issue that impacts Internet Explorer 6, 7, and 8. We are only aware of a very small number of targeted attacks at this time. This issue allows remote code execution if users browse to a malicious website with an affected browser. This...

Today we released Security Advisory 2757760 to address an issue that affects Internet Explorer 9 and earlier versions if a user views a website hosting malicious code. Internet Explorer 10 is not affected. We have received reports of only a small number of targeted attacks and are working to...

For Update Tuesday we’re releasing seven security bulletins – three Critical-class and four Important – addressing 26 unique CVEs to further improve the security postures of Microsoft Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the Microsoft .NET Framework. In...

Hi everyone – Mike Reavey here. Today, we’re releasing our December set of security updates. As we do every month, we're providing a heads-up on what’s coming in this month’s release as well as offering links to more information so you can plan your deployment. However...

Revision Note: V1.0 (December 8, 2009): Advisory published. Summary: Microsoft is announcing the availability of an update that provides security mitigations to the Indeo codec on supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. More...

Revision Note: V1.2 (June 9, 2010): Added information about MS10-035 and clarified a FAQ entry about the caching vector. Summary: Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet...

Revision Note: V1.3 (January 11, 2011): Revised the workaround, Prevent the recursive loading of CSS style sheets in Internet Explorer, to add the impact for the workaround.Summary: Microsoft is investigating new, public reports of limited attacks attempting to exploit a vulnerability in all...

Revision Note: V1.3 (January 11, 2011): Revised the workaround, Prevent the recursive loading of CSS style sheets in Internet Explorer, to add the impact for the workaround. Advisory Summary:Microsoft is investigating new, public reports of limited attacks attempting to exploit a vulnerability...

Revision Note: V1.2 (January 11, 2011): Added the workaround, Prevent the recursive loading of CSS style sheets in Internet Explorer, and revised Executive Summary to reflect investigation of limited attacks. Advisory Summary:Microsoft is investigating new, public reports of targeted attacks...

Revision Note: V1.0 (December 22, 2010): Advisory published. Advisory Summary:Microsoft is investigating new, public reports of a vulnerability in all supported versions of Internet Explorer. The main impact of the vulnerability is remote code execution. This advisory contains workarounds and...

Revision Note: V1.1 (November 3, 2010): Added the opening of HTML mail in the Restricted sites zone as a mitigating factor, the automated Microsoft Fix it solution to the CSS workaround, and a finder acknowledgment. Removed reading e-mail in plain text as a workaround. Also clarified content in...

Revision Note: V1.1 (November 3, 2010): Added the opening of HTML mail in the Restricted sites zone as a mitigating factor, the automated Microsoft Fix it solution to the CSS workaround, and a finder acknowledgment. Removed reading e-mail in plain text as a workaround. Also clarified content in...

Revision Note: V1.1 (November 3, 2010): Added the opening of HTML mail in the Restricted sites zone as a mitigating factor, the automated Microsoft Fix it solution to the CSS workaround, and a finder acknowledgment. Removed reading e-mail in plain text as a workaround. Also clarified content in...

Revision Note: V1.0 (November 3, 2010): Advisory published. Advisory Summary:Microsoft is investigating new, public reports of a vulnerability in all supported versions of Internet Explorer. The main impact of the vulnerability is remote code execution. This advisory contains workarounds and...

Today, Microsoft is announcing a shift in philosophy on how we approach the topic of vulnerability disclosure, reframing the practice of "Responsible Disclosure" to "Coordinated Vulnerability Disclosure." In recognition of the endless debate between responsible disclosure and full disclosure...

Hi everyone, Today we released Link Removed due to 404 Error describing a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework. At this time we are not aware of any attacks using this vulnerability and we encourage customers to review the advisory for...

Revision Note: V1.2 (July 20, 2010): Clarified the vulnerability exploit description and updated the workarounds. Advisory Summary:Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains...