Original release date: September 22, 2021
Summary
Immediate Actions You Can Take Now to Protect Against Conti Ransomware
• Use Link Removed.
• Segment and segregate networks and functions.
• Update your operating system and software.
Note: This Alert uses the MITRE Adversarial Tactics...
Original release date: January 8, 2021
Summary
This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.
This Alert is a companion alert to Link Removed...
Original release date: October 9, 2020
Summary
This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques.
Note: the analysis in this joint...
Security is a critical component of our products at Microsoft. A strong emphasis on security is a persistent factor throughout our entire development process. Microsoft is committed to designing and developing secure software. Testing is performed both internally and by working closely with the...
asia
authentication
azure
bounty
bug bounty
china
cloud services
cross site scripting
high impact
india
microsoft
mitigations
nullcon
privilegeescalation
research community
security
security program
vulnerabilities
windows 10
workshop
Severity Rating: Important
Revision Note: V1.0 (January 10, 2017): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Edge. This vulnerability could allow elevation of privilege if a user views a specially crafted webpage using Microsoft Edge. An attacker who...
Severity Rating: Important
Revision Note: V1.0 (December 13, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially...
Severity Rating: Important
Revision Note: V1.1 (October 11, 2016): Bulletin revised to correct a CVE ID. CVE-2016-7191 has been changed to CVE-2016-7211. This is an informational change only. Customers who have successfully installed the updates do not need to take any further action.
Summary...
cve
cybersecurity
drivers
important
malware
microsoft windows
ms16-123
october 2016
patch management
privilegeescalation
revision note
security update
software
system security
system update
technology
threat mitigation
update
vulnerabilities
windows kernel
Severity Rating: Important
Revision Note: V1.0 (September 8, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Skype for Business Server and Microsoft Lync Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a...
crafted url
email security
important
instant messenger
lync server
microsoft
ms15-104
patch management
privilegeescalation
remote access
security bulletin
security update
september 2015
skype for business
threats
update
vulnerabilities
web security
Original release date: July 14, 2015 | Last revised: July 15, 2015
Systems Affected
Microsoft Windows systems with Adobe Flash Player installed.
Overview
Used in conjunction, recently disclosed vulnerabilities in Adobe Flash and Microsoft Windows may allow a remote attacker to execute...
Severity Rating: Important
Revision Note: V1.0 (July 14, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows graphics component fails to properly process bitmap conversions. An...
administrative rights
attack vector
authenticated attack
critical
elevation of privilege
graphics component
july 2015
malware
microsoft
ms15-072
patch
privilegeescalation
risk assessment
security
software update
system security
update
vulnerability
windows
Severity Rating: Important
Revision Note: V1.0 (June 9, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker places a malicious .dll file in a local directory on the machine or...
Severity Rating: Important
Revision Note: V1.0 (May 12, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow elevation of privilege if a specially crafted Silverlight application is run on an affected system. To...
application
attacker
crafted application
cybersecurity
elevation of privilege
important
july 2015
microsoft
ms15-049
patch
privilegeescalation
revision note
security
silverlight
system security
technical documentation
update
user security
vulnerability
Original release date: November 19, 2014
Systems Affected
Microsoft Windows Vista, 7, 8, and 8.1
Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2
Overview
A remote escalation of privilege vulnerability exists in implementations of Kerberos Key Distribution...
administrator
attack
bulletin
cve
defense
domain controller
domain user
escalation
impact
kerberos
microsoft
privilegeescalation
remote access
research
security
service tickets
systems affected
update
vulnerability
windows
Severity Rating: Important
Revision Note: V1.0 (August 12, 2014): Bulletin published.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft SQL Server (one in SQL Server Master Data Services and the other in the SQL Server relational database management...
attacks
bulletin
client-side
crafted websites
data services
database
email security
internet explorer
malware
management system
microsoft
phishing
privilegeescalation
revision note
security
sql server
update
user actions
vulnerabilities
web security
Severity Rating: Important
Revision Note: V1.0 (December 10, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in ASP.NET SignalR. The vulnerability could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to...
Original release date: September 10, 2013
Systems Affected
Windows Operating System and Components
Microsoft Server Software
Microsoft Office
Internet Explorer
Overview
Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these...
automated updates
denial of service
home users
information disclosure
internet explorer
microsoft
office
patch
privilegeescalation
remote code execution
security
security bulletin
september
server
system administration
testing
updates
vulnerabilities
windows
wsus
Original release date: June 17, 2013 | Last revised: June 18, 2013
Systems Affected
Microsoft Windows
Microsoft Internet Explorer
Microsoft Office
Overview Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these...
administration
automated update
cybersecurity
denial of service
information disclosure
internet explorer
june 2013
microsoft
office
patch management
privilegeescalation
remote access
remote code execution
security
security bulletin
software update
system security
updates
vulnerabilities
windows
Severity Rating: Critical
Revision Note: V1.0 (February 12, 2013): Bulletin published.
Summary: This security update resolves publicly disclosed vulnerabilities in Microsoft Exchange Server. The most severe vulnerability is in Microsoft Exchange Server WebReady Document...
critical
exchange server
localservice
microsoft
outlook web app
privilegeescalation
remote code execution
security update
vulnerabilities
webready document viewing