In Microsoft’s Patch Tuesday for October 2013, the company released MS13-080 to address two critical vulnerabilities that have been actively exploited in limited targeted attacks. The first critical vulnerability in Internet Explorer, the Microso…
Microsoft Security Advisory (2887505) On September 17th, 2013, Microsoft published Security Advisory 2887505, which coverers a remote code execution vulnerability in all supported versions of Microsoft Internet Explorer. The flaw resides in the handling of objects in memory which have been deleted or improperly allocated. Specifically, a use-after-free flaw in the HTML rendering engine (aka Read more…
Late on July 10, Microsoft released a blog post disclosing that they were aware of a zero-day attack in the wild. This attack exploits a previously unpatched Internet Explorer vulnerability (CVE-2013-3163). It’s interesting that the vulnerability was just patched in this month’s Patch Tuesday (July 9), which is perhaps only a coincidence. Although we do Read more…
Revision Note: V2.0 (January 14, 2013): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS13-008 to add…
Revision Note: V2.0 (September 21, 2012): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into public reports of this vulnerability. We have issued MS12-063 to ad…
Revision Note: V1.1 (June 13, 2012): Advisory revised to notify customers that Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices are not affected by the issue.
Summary: Microsoft is aware of active attacks usin…
Revision Note: V5.0 (July 6, 2011): Announced the release of an update for Zune HD devices and moved Zune devices to the Non-Affected Devices table.
Summary: Microsoft is aware of nine fraudulent digital certificates issued by …
Revision Note: V2.0 (February 8, 2011): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into public reports of this vulnerability. We have issued MS11-003 to addr…
Revision Note: V2.0 (December 14, 2010): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-090 to ad…
Revision Note: V2.0 (December 8, 2009): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed investigating public reports of this vulnerability. We have issued Microsoft Security Bullet…