At Black Hat USA each year, we unveil the Top 100 Security Researcher list to reflect the amazing engagement we get from the community. During this period, we had several thousand researchers engage with the Microsoft Security Response Center (MSRC). We appreciate all the partnership and...
Tags: 2016, acknowledgements, annual report, blackhat usa, bounty for defense, community engagement, cybersecurity, industry collaboration, microsoft, mitigation bounty, msrc, research, research impact, research methodologies, research recognition, security researcher, security risks, severityrating, top 100, vulnerabilities
For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence.
It may help to start with some history. In September 2003 we changed from a release-anytime approach to a mostly predictable, monthly release cadence...
The Link Removed has been in public preview since November 2016. This month marked our first release when security update information was published entirely in the new format. Over the last few months, customers and partners have provided a lot of feedback on the direction and implementation of...
Tags: advisories, api, bugs, cve, dashboard, data population, excel, feedback, identifier, impact, it professionals, machine-readable, msrc, powershell, public preview, security, severityrating, technet, transparency, update guide
Severity Rating: Important
Revision Note: V1.0 (March 14, 2017): Click here to enter text.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious...
Tags: admin rights, exploit, iis, local system, malicious software, march, microsoft, ms17-016, remote code execution, security, security patch, severityrating, update, user account, user rights, version 1.0, vulnerability, windows
Severity Rating: Critical
Revision Note: V1.0 (March 14, 2017): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker running inside a virtual machine runs a...
Severity Rating: Important
Revision Note: V1.0 (March 14, 2017): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an Information Disclosure if Windows DirectShow opens specially crafted media content that is hosted on...
Tags: 4010318, attack, bulletin, directshow, exploitation, information disclosure, malicious website, march, media content, microsoft, patch, revision note, security, security bulletin, severityrating, system compromise, update, version 1.0, vulnerability, windows
Hi,
Recently, when shutting down Windows 7 Professional, an error is flashed in a window for a very short time. I have been able to see, I believe, an error "Exception 0x80000003" by shutting down repeatedly. I also saw OXEA47337 today and a partial OEXC38... the other day. Additionally, in...
Severity Rating: Important
Revision Note: V1.0 (January 10, 2017): Bulletin Published
Summary: A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability...
Severity Rating: Important
Revision Note: V1.0 (November 8, 2016): Bulletin published.
Summary: The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker can manipulate files in locations not intended to be available to the user by exploiting this...
Severity Rating: Important
Revision Note: V1.0 (October 11, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly...
Severity Rating: Important
Revision Note: V1.0 (September 13, 2016): Bulletin published.
Summary: This security update resolves multiple vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker creates a specially crafted...
Severity Rating: Important
Revision Note: V1.0 (August 9, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker installs an affected boot manager and bypasses Windows security...
Severity Rating: Critical
Revision Note: V1.0 (August 9, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, and Microsoft Lync. The vulnerabilities could allow remote code execution if a user either visits...
Severity Rating: Important
Revision Note: V1.0 (August 9, 2016): Bulletin published.
Summary: This security update resolves multiple vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a domain-joined...
Severity Rating: Important
Revision Note: V1.0 (July 12, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to web-based...
Severity Rating: Important
Revision Note: V1.0 (June 14, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a user opens a specially crafted document or visits a...
Tags: bulletin, components, crafted, documents, elevate, fix, graphics, important, june, microsoft, ms16-074, patch, privilege, revision, security, severityrating, update, vulnerability, website, windows
Severity Rating: Important
Revision Note: V1.1 (May 11, 2016): Bulletin revised to change the vulnerability impact from elevation of privilege to remote code execution, and the title of CVE 2016-0178 to RPC Network Data Representation Engine Remote Code Execution Vulnerability. This is an...
Severity Rating: Important
Revision Note: V1.0 (May 10, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a...
Severity Rating: Important
Revision Note: V1.0 (May 10, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application. An...
Tags: 2016, admin rights, bulletin, exploitation, iis, malicious software, microsoft, ms16-058, patch, remote code execution, revision note, security, security bulletin, severityrating, update, user account, user rights, vulnerability, windows
Severity Rating: Important
Revision Note: V1.0 (September 8, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker runs a specially crafted application that could cause Windows...