Microsoft Vulnerability Research Advisories

Microsoft Vulnerability Research (MSVR) Advisories describe security vulnerabilities that Microsoft or security researchers discovered in third-party products or services, and which Microsoft has disclosed to the affected vendors. Microsoft performs this disclosure to the affected vendor under the procedures described in Coordinated Vulnerability Disclosure.

On this page:

Frequently Asked Questions

Q. What kind of information do MSVR advisories contain?


MSVR advisories contain a top-level summary that states the reason for issuing the advisory, frequently asked questions, and suggested actions. MSVR advisories may be revised as required to reflect new information or guidance.

Q. What are the specific criteria that Microsoft uses to determine whether a security advisory is required?


Our goal is to issue MSVR advisories for security vulnerabilities after we have disclosed them to the affected vendors, so that the vendors could develop remediation. Customers could then use this remediation to help protect themselves.

Q. Could an MSVR advisory become a security bulletin?


No. An MSVR advisory pertains to security vulnerabilities in third-party products or services. A Microsoft security bulletin pertains to security vulnerabilities in Microsoft software.

Q. Why aren't you including information about MSVR advisories in the Microsoft Security Bulletin Advance Notification?


The Microsoft Security Bulletin Advance Notification is about security bulletins that Microsoft is intending to release, and is therefore about vulnerabilities in Microsoft software and their remediation. MSVR advisories, in contrast, are about third-party products and services.

Q. How will customers know when there is a call to action associated with these MSVR advisories?


The MSVR advisory has a Suggested Actions section for describing any action that users may have to take to help protect themselves.

All Published or Updated MSVR Advisories

Disclaimer:The information provided in this page is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Get security bulletin notification  Get security bulletin notifications
Receive up-to-date information in RSS or e-mail format.

MSRC blog  Microsoft Security Response Center (MSRC) blog
View MSRC webcasts, posts, and Q&A for insights on bulletins and advisories.

Report a vulnerability  Report a vulnerability
Contribute to MSRC investigations of security vulnerabilities.