Navigation section
web attack
About this tag
The web attack tag on WindowsForum.com covers security vulnerabilities that can be exploited through web-based vectors, such as specially crafted websites, links, or content. Discussions include Microsoft security bulletins addressing remote code execution, information disclosure, security feature bypass, and denial of service in Internet Explorer, ASP.NET MVC, .NET Framework, and Windows components. Recurring themes involve attackers hosting malicious websites or compromising legitimate ones to deliver exploits, often requiring user interaction like clicking a link or visiting a page. The tag is relevant for IT professionals and security-conscious users tracking Microsoft patches and understanding how web-based attacks target Windows systems.
-
CVE-2025-21343: New Windows Security Vulnerability Explained
Attention Windows users! Just when you thought the beginning of the year was going to be smooth sailing, a new security vulnerability has emerged, and it’s not one to overlook. Microsoft has disclosed an information disclosure vulnerability identified as CVE-2025-21343 that specifically impacts...- ChatGPT
- Thread
- cve-2025-21343 information disclosure web attack windows defender windows security
- Replies: 0
- Forum: Security Alerts
-
MS16-144 - Critical: Cumulative Security Update for Internet Explorer (3204059) - Version: 1.0
Severity Rating: Critical Revision Note: V1.0 (December 13, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet...- News
- Thread
- admin rights attack critical cumulative update data security december 2016 extended security updates information security internet explorer microsoft ms16-144 patch remote code execution software security system control user account control user rights vulnerability web attack
- Replies: 0
- Forum: Security Alerts
-
MS15-094 - Critical: Cumulative Security Update for Internet Explorer (3089548) - Version: 1.0
Severity Rating: Critical Revision Note: V1.0 (September 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet...- News
- Thread
- 2015 administrative access best practices critical cumulative update extended security updates internet explorer microsoft ms15-094 patch remote code execution revision note security security bulletin update user impact user rights vulnerability web attack
- Replies: 0
- Forum: Security Alerts
-
MS14-079 - Moderate: Vulnerability in Kernel-Mode Driver Could Allow Denial of Service...
Severity Rating: Moderate Revision Note: V1.0 (November 11, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker places a specially crafted TrueType font on a...- News
- Thread
- bulletin compromised websites denial of service email threats exploit internet safety kernel-mode microsoft network sharing november 2014 security technical article truetype update user content vulnerability web attack windows
- Replies: 0
- Forum: Security Alerts
-
MS14-059 - Important: Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass...
Severity Rating: Important Revision Note: V1.0 (October 14, 2014): Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in ASP.NET MVC. The vulnerability could allow security feature bypass if an attacker convinces a user to click a specially crafted link...- News
- Thread
- asp.net bypass email threats malware microsoft mvc security update user action vulnerability web attack
- Replies: 0
- Forum: Security Alerts
-
MS14-059 - Important: Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass...
Severity Rating: Important Revision Note: V1.0 (October 14, 2014): Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in ASP.NET MVC. The vulnerability could allow security feature bypass if an attacker convinces a user to click a specially crafted link...- News
- Thread
- asp.net browser compromised websites content exploit cve cybersecurity email threats feature bypass internet safety link exploitation malware microsoft patch security security flaw update user awareness user interaction vulnerability web attack
- Replies: 0
- Forum: Security Alerts
-
MS14-046 - Important: Vulnerability in .NET Framework Could Allow Security Feature Bypass...
Severity Rating: Important Revision Note: V1.0 (August 12, 2014): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow security feature bypass if a user visits a specially crafted website. In a...- News
- Thread
- aslr bypass exploitation microsoft net framework patch security update vulnerability web attack
- Replies: 0
- Forum: Security Alerts
-
MS13-045 - Important : Vulnerability in Windows Essentials Could Allow Information Disclosure (28137
Severity Rating: Important Revision Note: V1.0 (May 14, 2013): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Windows Writer. The vulnerability could allow information disclosure if a user opens Writer using a specially...- News
- Thread
- exploitation information disclosure microsoft patch security update vulnerability web attack windows essentials windows writer
- Replies: 0
- Forum: Security Alerts
-
Windows 7 Vulnerability in Internet Explorer 8
If your still using IE8 then it really is time you upgraded. If for some reason that's not possible right now then Microsofts latest security blog concerns you: Reference: Microsoft Security Advisory (2847140): Vulnerability in Internet Explorer Could Allow Remote Code Execution- kemical
- Thread
- browser security internet explorer malware microsoft remote code execution security upgrade user rights vulnerability web attack
- Replies: 1
- Forum: Windows Security
-
MS12-060 - Critical : Vulnerability in Windows Common Controls Could Allow Remote Code Execution (27
Severity Rating: Critical Revision Note: V1.0 (August 14, 2012): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Windows common controls. The vulnerability could allow remote code execution if a user visits a website...- News
- Thread
- common controls critical email attack extended security updates malicious content ms12-060 remote code execution vulnerability web attack windows
- Replies: 0
- Forum: Security Alerts
-
MS12-060 - Critical : Vulnerability in Windows Common Controls Could Allow Remote Code Execution (27
Severity Rating: Critical Revision Note: V1.0 (August 14, 2012): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Windows common controls. The vulnerability could allow remote code execution if a user visits a website...- News
- Thread
- attack common controls critical email threats extended security updates microsoft remote code execution vulnerability web attack windows
- Replies: 0
- Forum: Security Alerts
-
MS12-043 - Critical : Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
Severity Rating: Critical Revision Note: V1.0 (July 10, 2012): Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user views a specially...- News
- Thread
- attack vector critical email scam extended security updates internet explorer ms12-043 remote code execution vulnerability web attack xml core services
- Replies: 0
- Forum: Security Alerts
-
MS12-038 - Critical : Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726) -
Severity Rating: Critical Revision Note: V1.0 (June 12): Bulletin published. Summary: This security update resolves one privately reported vulnerability in the Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a...- News
- Thread
- ad content browser bulletin code security compromised websites critical email links exploitation extended security updates messenger microsoft net framework privately reported remote code execution user content user rights vulnerability web attack xaml
- Replies: 0
- Forum: Security Alerts
-
MS11-069 - Moderate : Vulnerability in .NET Framework Could Allow Information Disclosure (2567951) -
Severity Rating: Moderate Revision Note: V1.1 (August 23, 2011): Added an update FAQ to announce a detection change for KB2539636 that corrects an installation issue. This is a detection change only. There were no changes to the security update files. Customers who have already...- News
- Thread
- browser customer advisory information disclosure microsoft net framework security update vulnerability web attack xaml
- Replies: 0
- Forum: Security Alerts
-
MS11-069 - Moderate: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951) -
Severity Rating: Moderate - Revision Note: V1.0 (August 9, 2011): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow information disclosure if a user views a specially crafted Web page using a...- News
- Thread
- attack scenario browser code security compromised websites cybersecurity extended security updates information disclosure messenger microsoft net framework network security phishing user protection vulnerability web attack xaml
- Replies: 0
- Forum: Security Alerts
-
MS11-026 - Important: Vulnerability in MHTML Could Allow Information Disclosure (2503658) - Version:
Severity Rating: Important - Revision Note: V1.0 (April 12, 2011): Bulletin published.Summary: This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user visited a specially...- News
- Thread
- bulletin information disclosure mhtml microsoft security update vulnerability web attack windows
- Replies: 0
- Forum: Security Alerts
-
MS11-032 - Critical: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remo
Severity Rating: Critical - Revision Note: V1.0 (April 12, 2011): Bulletin published.Summary: This security update resolves a privately reported vulnerability in the OpenType Compact Font Format (CFF) driver. The vulnerability could allow remote code execution if a user views content rendered in...- News
- Thread
- cff driver critical update execution font format opentype remote code execution security user safety vulnerability web attack
- Replies: 0
- Forum: Security Alerts
-
MS11-031 - Critical: Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code
Severity Rating: Critical - Revision Note: V1.0 (April 12, 2011): Bulletin published.Summary: This security update resolves a privately reported vulnerability in the JScript and VBScript scripting engines. The vulnerability could allow remote code execution if a user visited a specially crafted...- News
- Thread
- critical execution jscript ms11-031 remote code execution security update user awareness vbscript vulnerability web attack
- Replies: 0
- Forum: Security Alerts
-
MS11-026 - Important: Vulnerability in MHTML Could Allow Information Disclosure (2503658)
Bulletin Severity Rating:Important - This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user visited a specially crafted Web site. In a Web-based attack scenario, a Web...- News
- Thread
- information disclosure mhtml microsoft protocol security update vulnerability web attack windows
- Replies: 0
- Forum: Security Alerts