At Black Hat USA each year, we unveil the Top 100 Security Researcher list to reflect the amazing engagement we get from the community. During this period, we had several thousand researchers engage with the Microsoft Security Response Center (MSRC). We appreciate all the partnership and...
acknowledgements
annual report
august 2018
black hat usa
bounty for defense
community engagement
cybersecurity
industry collaboration
microsoft
mitigation bounty
msrc
research impact
research methods
research recognition
researchers
security impact
security researcher
severity
top 100
vulnerabilities
The Link Removed has been in public preview since November 2016. This month marked our first release when security update information was published entirely in the new format. Over the last few months, customers and partners have provided a lot of feedback on the direction and implementation of...
advisories
api
bugs
cve
dashboard
data population
excel
feedback
identifiers
impact
it professionals
machine-readable
msrc
powershell
public preview
security
severity
technet
transparency
update guide
Hi,
Recently when shutting down Windows 7 professional and error is flashed in a window for a very short time. I have been able to see, I believe, and error "Exception 0x80000003" by shutting down repeatedly. I also saw OXEA47337 today and a partial OEXC38... the other day. Additionally, in...
Severity Rating: Critical
Revision Note: V1.0 (August 9, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, and Microsoft Lync. The vulnerabilities could allow remote code execution if a user either visits...
administration
august 2016
bulletin
critical
document
execution
graphics
lync
microsoft
office
patch
remote code execution
revision
security
severity
skype
update
user rights
vulnerabilities
windows
Severity Rating: Important
Revision Note: V1.0 (August 9, 2016): Bulletin published.
Summary: This security update resolves multiple vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a domain-joined...
Severity Rating: Important
Revision Note: V1.0 (May 10, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a...
Severity Rating: Important
Revision Note: V1.0 (August 11, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system...
Severity Rating: Important
Revision Note: V1.0 (April 14, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application...
Severity Rating: Important
Revision Note: V1.0 (March 10, 2015): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker runs a specially crafted application on an...
Severity Rating: Important
Revision Note: V1.0 (February 10, 2015): Bulletin published.
Summary: This security update resolves one publicly disclosed vulnerability in Microsoft Office. The vulnerability could allow security feature bypass if a user opens a specially crafted Microsoft Office...
Severity Rating: Important
Revision Note: V1.0 (December 9, 2014): Bulletin published.
Summary: This security update resolves four privately reported vulnerabilities in Microsoft Exchange Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a...
attack
bulletin
crafted url
cybersecurity
elevation
email
exchange server
important
instant messenger
link
microsoft
outlook
privilege
protection
revision
security
severity
update
vulnerabilities
web app
Severity Rating: Important
Revision Note: V1.0 (December 9, 2014): Bulletin published.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing specially crafted...
aslr
attack
browsers
bulletin
compromise
disclosure
graphics
important
information
jpeg
microsoft
patch
public
revision
security
severity
system
update
vulnerability
windows
Today, we provide advance notification for the release of 16 Security Bulletins. Five of these updates are rated Critical, nine are rated as Important, and two are rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, Exchange, .NET Framework, Internet...
.net framework
adfs
bulletin
deployment
exchange
guidance
iis
ime
internet explorer
kmd
microsoft
notification
office
rdp
security
severity
testing
update
windows
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS14-045 - Important
Bulletin Information:
=====================
MS14-045 - Important
- https://technet.microsoft.com/library/security/ms14-045
- Reason for Revision...
Severity Rating: Important
Revision Note: V1.0 (August 12, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker uses the vulnerability in conjunction with...
Severity Rating:
Revision Note: V1.0 (May 8, 2012): Advisory published.
Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.
Continue reading...
Severity Rating: Important
Revision Note: V1.4 (January 15, 2014): Bulletin revised to announce a detection change in update 2687356 (a.k.a. 2687442). This is a detection change only. Customers who have already successfully updated their systems do not need to take any action. Note that update...
bulletin
communication
detection
disclosed
elevation
html
microsoft
office
patch
privilege
public
sanitization
security
server
severity
sharepoint
technet
update
vulnerability
web apps
Severity Rating: Important
Revision Note: V2.2 (January 15, 2014): Bulletin revised to announce a detection change in update 2596911. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update...
There are times when we get too close to a topic. We familiarize ourselves with every aspect and nuance, but fail to recognize not everyone else has done the same. Whether you consider this myopia, navel-gazing, or human nature, the effect is the same. I recognized this during the recent webcast...
advisory
asp.net
authenticode
bulletin
code execution
cumulative update
cves
december 2013
deployment
internet explorer
it staff
microsoft
mitigation
patch management
remote code execution
security update
severity
update tuesday
vulnerability
windows
Severity Rating: Important
Revision Note: V1.0 (December 10, 2013): Bulletin published.
Summary: This security update resolves multiple privately reported vulnerabilities in Microsoft Office server software. These vulnerabilities could allow remote code execution if an authenticated attacker...