privilege escalation

:eek:

Original release date: September 22, 2021 Summary Immediate Actions You Can Take Now to Protect Against Conti Ransomware • Use Link Removed. • Segment and segregate networks and functions. • Update your operating system and software. Note: This Alert uses the MITRE Adversarial Tactics...

Original release date: January 8, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This Alert is a companion alert to Link Removed...

Original release date: October 9, 2020 Summary This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. Note: the analysis in this joint...

Security is a critical component of our products at Microsoft. A strong emphasis on security is a persistent factor throughout our entire development process. Microsoft is committed to designing and developing secure software. Testing is performed both internally and by working closely with the...

Severity Rating: Important Revision Note: V1.0 (January 10, 2017): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Edge. This vulnerability could allow elevation of privilege if a user views a specially crafted webpage using Microsoft Edge. An attacker who...

Severity Rating: Important Revision Note: V1.0 (December 13, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially...

Severity Rating: Important Revision Note: V1.1 (October 11, 2016): Bulletin revised to correct a CVE ID. CVE-2016-7191 has been changed to CVE-2016-7211. This is an informational change only. Customers who have successfully installed the updates do not need to take any further action. Summary...

Severity Rating: Important Revision Note: V1.0 (September 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Skype for Business Server and Microsoft Lync Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a...

Original release date: July 14, 2015 | Last revised: July 15, 2015 Systems Affected Microsoft Windows systems with Adobe Flash Player installed. Overview Used in conjunction, recently disclosed vulnerabilities in Adobe Flash and Microsoft Windows may allow a remote attacker to execute...

Severity Rating: Important Revision Note: V1.0 (July 14, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows graphics component fails to properly process bitmap conversions. An...

Severity Rating: Important Revision Note: V1.0 (June 9, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker places a malicious .dll file in a local directory on the machine or...

Severity Rating: Important Revision Note: V1.0 (May 12, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow elevation of privilege if a specially crafted Silverlight application is run on an affected system. To...

Link Removed

Original release date: November 19, 2014 Systems Affected Microsoft Windows Vista, 7, 8, and 8.1 Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2 Overview A remote escalation of privilege vulnerability exists in implementations of Kerberos Key Distribution...

Severity Rating: Important Revision Note: V1.0 (August 12, 2014): Bulletin published. Summary: This security update resolves two privately reported vulnerabilities in Microsoft SQL Server (one in SQL Server Master Data Services and the other in the SQL Server relational database management...

Severity Rating: Important Revision Note: V1.0 (December 10, 2013): Bulletin published. Summary: This security update resolves a privately reported vulnerability in ASP.NET SignalR. The vulnerability could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to...

Original release date: September 10, 2013 Systems Affected Windows Operating System and Components Microsoft Server Software Microsoft Office Internet Explorer Overview Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these...

Original release date: June 17, 2013 | Last revised: June 18, 2013 Systems Affected Microsoft Windows Microsoft Internet Explorer Microsoft Office Overview Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these...

Severity Rating: Critical Revision Note: V1.0 (February 12, 2013): Bulletin published. Summary: This security update resolves publicly disclosed vulnerabilities in Microsoft Exchange Server. The most severe vulnerability is in Microsoft Exchange Server WebReady Document...