Acknowledgments - 2015
Microsoft extends thanks to the following for working with us to help protect customers.
Bulletin ID | Vulnerability Title | CVE ID | Acknowledgment |
---|---|---|---|
December 2015 | |||
MS15-135 | Windows Kernel Memory Elevation of Privilege Vulnerability | CVE-2015-6171 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-135 | Windows Kernel Memory Elevation of Privilege Vulnerability | CVE-2015-6173 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-135 | Windows Kernel Memory Elevation of Privilege Vulnerability | CVE-2015-6174 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-135 | Windows Kernel Memory Elevation of Privilege Vulnerability | CVE-2015-6175 | ChenDong Li of Tencent |
MS15-134 | Windows Media Center Information Disclosure Vulnerability | CVE-2015-6127 | Francisco Falcon of Core Security |
MS15-134 | Media Center Library Parsing RCE Vulnerability | CVE-2015-6131 | Zhang YunHai of NSFOCUS Security Team |
MS15-134 | Windows Library Loading Remote Code Execution Vulnerability | CVE-2015-6128 | Steven Vittitoe of Google Project Zero |
MS15-134 | Windows Library Loading Remote Code Execution Vulnerability | CVE-2015-6128 | Parvez Anwar |
MS15-132 | Windows Library Loading Remote Code Execution Vulnerability | CVE-2015-6132 | Yorick Koster of Securify B.V. |
MS15-132 | Windows Library Loading Remote Code Execution Vulnerability | CVE-2015-6132 | Steven Vittitoe of Google Project Zero |
MS15-131 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-6040 | Steven Vittitoe of Google Project Zero |
MS15-131 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-6118 | Kai Lu of Fortinet's FortiGuard Labs |
MS15-131 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-6122 | Steven Vittitoe of Google Project Zero |
MS15-131 | Microsoft Office RCE Vulnerability | CVE-2015-6172 | Haifei Li |
MS15-131 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-6177 | Kai Lu of Fortinet's FortiGuard Labs |
MS15-130 | Windows Integer Underflow Vulnerability | CVE-2015-6130 | Hossein Lotfi, Secunia Research (now part of Flexera Software) |
MS15-129 | Microsoft Silverlight Information Disclosure Vulnerability | CVE-2015-6165 | Marcin 'Icewall' Noga of Cisco Talos |
MS15-128 | Graphics Memory Corruption Vulnerability | CVE-2015-6106 | Steven Vittitoe of Google Project Zero |
MS15-128 | Graphics Memory Corruption Vulnerability | CVE-2015-6107 | Steven Vittitoe of Google Project Zero |
MS15-126 | Scripting Engine Information Disclosure Vulnerability | CVE-2015-6135 | Simon Zuckerbraun, working with HP’s Zero Day Initiative |
MS15-126 | Scripting Engine Memory Corruption Vulnerability | CVE-2015-6136 | Simon Zuckerbraun, working with HP’s Zero Day Initiative |
MS15-126 | Scripting Engine Memory Corruption Vulnerability | CVE-2015-6136 | An anonymous researcher, working with HP’s Zero Day Initiative |
MS15-126 | Scripting Engine Memory Corruption Vulnerability | CVE-2015-6136 | Yuki Chen of Qihoo 360Vulcan Team |
MS15-126 | Scripting Engine Memory Corruption Vulnerability | CVE-2015-6137 | Anonymous contributor, working with VeriSign iDefense Labs |
MS15-125 | Microsoft Browser Elevation of Privilege Vulnerability | CVE-2015-6139 | Michal Bentkowski |
MS15-125 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6140 | Bo Qu of Palo Alto Networks |
MS15-125 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6142 | Simon Zuckerbraun, working with HP’s Zero Day Initiative |
MS15-125 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6142 | Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs |
MS15-125 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6148 | A3F2160DCA1BDE70DA1D99ED267D5DC1EC336192, working with HP’s Zero Day Initiative |
MS15-125 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6151 | Li Kemeng of Baidu Security Team(x-Team) , working with HP’s Zero Day Initiative |
MS15-125 | Microsoft Edge Memory Corruption Vulnerability | CVE-2015-6153 | Shi Ji (@Puzzor) of VARAS@IIE |
MS15-125 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6154 | ChenDong Li and YunZe Ni of Tencent |
MS15-125 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6155 | Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs |
MS15-125 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6158 | Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs |
MS15-125 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6159 | Zheng Huang of the Baidu Scloud XTeam |
MS15-125 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6159 | Jason Kratzer, working with HP’s Zero Day Initiative |
MS15-125 | Microsoft Browser ASLR Bypass | CVE-2015-6161 | Rh0 |
MS15-125 | Microsoft Edge Memory Corruption Vulnerability | CVE-2015-6168 | SkyLined, working with HP’s Zero Day Initiative |
MS15-125 | Microsoft Edge Spoofing Vulnerability | CVE-2015-6169 | Stephan Brunner |
MS15-125 | Microsoft Edge Elevation of Privilege Vulnerability | CVE-2015-6170 | Mario Heiderich of Cure53 |
MS15-125 | Microsoft Edge XSS Filter Bypass Vulnerability | CVE-2015-6176 | Masato Kinugawa |
MS15-124 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6083 | Hui Gao of Palo Alto Networks |
MS15-124 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6083 | B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative |
MS15-124 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6134 | SkyLined, working with HP’s Zero Day Initiative |
MS15-124 | Scripting Engine Information Disclosure Vulnerability | CVE-2015-6135 | Simon Zuckerbraun, working with HP’s Zero Day Initiative |
MS15-124 | Scripting Engine Information Disclosure Vulnerability | CVE-2015-6136 | Simon Zuckerbraun, working with HP’s Zero Day Initiative |
MS15-124 | Microsoft Browser Elevation of Privilege Vulnerability | CVE-2015-6139 | Michal Bentkowski |
MS15-124 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6140 | Bo Qu of Palo Alto Networks |
MS15-124 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6141 | B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative |
MS15-124 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6142 | Simon Zuckerbraun, working with HP’s Zero Day Initiative |
MS15-124 | Microsoft Browser XSS Filter Bypass Vulnerability | CVE-2015-6144 | Masato Kinugawa |
MS15-124 | Microsoft Browser XSS Filter Bypass Vulnerability | CVE-2015-6144 | Filedescriptor |
MS15-124 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6145 | Cong Zhang and Yi Jiang, working with Beijing VRV Software Co., LTD. |
MS15-124 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6146 | Bo Qu of Palo Alto Networks |
MS15-124 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6147 | B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative |
MS15-124 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6148 | A3F2160DCA1BDE70DA1D99ED267D5DC1EC336192, working with HP’s Zero Day Initiative |
MS15-124 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6149 | B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative |
MS15-124 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6150 | B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative |
MS15-124 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6151 | Li Kemeng of Baidu Security Team(x-Team) , working with HP’s Zero Day Initiative |
MS15-124 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6152 | Moritz Jodeit of Blue Frost Security |
MS15-124 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6153 | Shi Ji (@Puzzor) of VARAS@IIE |
MS15-124 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6154 | ChenDong Li and YunZe Ni of Tencent |
MS15-124 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6155 | Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs |
MS15-124 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6156 | Anonymous contributor, working with VeriSign iDefense Labs |
MS15-124 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6157 | Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs |
MS15-124 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6158 | Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs |
MS15-124 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6159 | Zheng Huang of the Baidu Scloud XTeam |
MS15-124 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6159 | Jason Kratzer, working with HP’s Zero Day Initiative |
MS15-124 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6160 | Garage4Hackers, working with HP’s Zero Day Initiative |
MS15-124 | Internet Explorer ASLR Bypass | CVE-2015-6161 | Rh0 |
MS15-124 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6162 | Wenxiang Qian of TencentQQBrowser |
November 2015 | |||
MS15-123 | Server Input Validation Information Disclosure Vulnerability | CVE-2015-6061 | Fatih Ozavci - Sense of Security |
MS15-122 | Windows Kerberos Security Feature Bypass | CVE-2015-6095 | Ian Haken of Synopsys Inc. |
MS15-119 | Winsock Elevation of Privilege Vulnerability | CVE-2015-2478 | Alex Ionescu of Winsider Seminars & Solutions Inc. |
MS15-119 | Winsock Elevation of Privilege Vulnerability | CVE-2015-2478 | Thomas Faber, of CrowdStrike Inc. |
MS15-118 | .NET Elevation of Privilege Vulnerability | CVE-2015-6099 | John Page aka hyp3rlinx |
MS15-117 | Windows NDIS Elevation of Privilege Vulnerability | CVE-2015-6098 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-116 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-6038 | Steven Seeley of Source Incite, working with HP’s Zero Day Initiative |
MS15-116 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-6091 | Steven Vittitoe of Google Project Zero |
MS15-116 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-6092 | Steven Vittitoe of Google Project Zero |
MS15-116 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-6093 | SignalSEC Research, working with HP’s Zero Day Initiative |
MS15-116 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-6094 | Steven Seeley of Source Incite, working with HP’s Zero Day Initiative |
MS15-116 | Microsoft Outlook for Mac Spoofing Vulnerability | CVE-2015-6123 | Mark Robbins Rebelmail |
MS15-115 | Windows Kernel Memory Elevation of Privilege Vulnerability | CVE-2015-6100 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-115 | Windows Kernel Memory Elevation of Privilege Vulnerability | CVE-2015-6101 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-115 | Windows Kernel Memory Information Disclosure Vulnerability | CVE-2015-6102 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-115 | Windows Graphics Memory Remote Code Execution Vulnerability | CVE-2015-6103 | Mateusz Jurczyk of Google Project Zero |
MS15-115 | Windows Graphics Memory Remote Code Execution Vulnerability | CVE-2015-6104 | Mateusz Jurczyk of Google Project Zero |
MS15-115 | Windows Kernel Security Feature Bypass Vulnerability | CVE-2015-6113 | James Forshaw of Google Project Zero |
MS15-114 | Windows Journal Heap Overflow Vulnerability | CVE-2015-6097 | Jason Kratzer, working with VeriSign iDefense Labs |
MS15-113 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6064 | Simon Zuckerbraun, working with HP’s Zero Day Initiative |
MS15-113 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6073 | Kai Kang of Tencent's Xuanwu LAB |
MS15-113 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6078 | Bo Qu of Palo Alto Networks |
MS15-113 | Microsoft Browser ASLR Bypass | CVE-2015-6088 | JaeHun Jeong |
MS15-112 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6064 | Simon Zuckerbraun, working with HP’s Zero Day Initiative |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6065 | Jason Kratzer, working with VeriSign iDefense Labs |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6065 | B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6066 | Bo Qu of Palo Alto Networks |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6068 | Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6069 | Bo Qu of Palo Alto Networks |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6070 | Tongbo Luo of Palo Alto Networks |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6070 | Bo Qu of Palo Alto Networks |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6071 | Bo Qu of Palo Alto Networks |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6072 | Kai Kang of Tencent's Xuanwu LAB |
MS15-112 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6073 | Kai Kang of Tencent's Xuanwu LAB |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6075 | 0011, working with HP’s Zero Day Initiative |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6076 | Anonymous, working with HP’s Zero Day Initiative |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6077 | 0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative, and Linan Hao of Qihoo 360 |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6077 | Linan Hao of Qihoo 360 Vulcan Team |
MS15-112 | Microsoft Browser Memory Corruption Vulnerability | CVE-2015-6078 | Bo Qu of Palo Alto Networks |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6079 | Zheng Huang of the Baidu Scloud XTeam |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6080 | Zheng Huang of the Baidu Scloud XTeam |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6081 | B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6082 | Zheng Huang of the Baidu Scloud XTeam |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6084 | Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6085 | Jason Kratzer, working with VeriSign iDefense Labs |
MS15-112 | Internet Explorer Information Disclosure Vulnerability | CVE-2015-6086 | Ashfaq Ansari, working with HP’s Zero Day Initiative |
MS15-112 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6087 | Bo Qu of Palo Alto Networks |
MS15-112 | Scripting Engine Memory Corruption Vulnerability | CVE-2015-6089 | Yuki Chen of Qihoo 360 Vulcan Team |
MS15-099 | Microsoft Office Malformed EPS File Vulnerability | CVE-2015-2545 | Genwei Jiang of FireEye, Inc. |
SA3108638 | N/A | CVE-2015-5307 | Ben Serebrin of Google |
October 2015 | |||
MS15-111 | Windows Kernel Memory Corruption Vulnerability | CVE-2015-2549 | dbc282f4f2f7d2466fa0078bf8034d99 |
MS15-111 | Windows Elevation of Privilege Vulnerability | CVE-2015-2550 | Ashutosh Mehra, working with HP’s Zero Day Initiative |
MS15-111 | Windows Mount Point Elevation of Privilege Vulnerability | CVE-2015-2553 | James Forshaw of Google Project Zero |
MS15-111 | Windows Object Reference Elevation of Privilege Vulnerability | CVE-2015-2554 | James Forshaw of Google Project Zero |
MS15-110 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-2555 | 3S Labs, working with HP’s Zero Day Initiative |
MS15-110 | Microsoft Sharepoint Information Disclosure Vulnerability | CVE-2015-2556 | Jakub Palaczynski of ING Services Polska |
MS15-110 | Microsoft Office Memory Corruption Vulnerabilties | CVE-2015-2557 | kdot, working with HP’s Zero Day Initiative |
MS15-110 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-2558 | 3S Labs, working with HP’s Zero Day Initiative |
MS15-109 | Toolbar Use After Free Vulnerability | CVE-2015-2515 | Heige (a.k.a. SuperHei) from Knownsec 404 Security Team |
MS15-109 | Microsoft Tablet Input Band Use After Free Vulnerability | CVE-2015-2548 | Heige (a.k.a. SuperHei) from Knownsec 404 Security Team and Hui Gao of Palo Alto Networks |
MS15-108 | Scripting Engine Memory Corruption Vulnerability | CVE-2015-2482 | Skylined, working with HP’s Zero Day Initiative |
MS15-108 | VBScript and JScript ASLR Bypass | CVE-2015-6052 | Bill Finlayson, Vectra Networks |
MS15-108 | Scripting Engine Memory Corruption Vulnerability | CVE-2015-6055 | Simon Zuckerbraun, working with HP’s Zero Day Initiative |
MS15-108 | Scripting Engine Memory Corruption Vulnerability | CVE-2015-6055 | An anonymous researcher, working with HP’s Zero Day Initiative |
MS15-108 | Scripting Engine Information Disclosure Vulnerability | CVE-2015-6059 | Takeshi Terada of Mitsui Bussan Secure Directions, Inc. |
MS15-107 | Microsoft Edge XSS Filter Bypass | CVE-2015-6058 | Noriaki Iwasaki of Cyber Defense Institute, Inc. |
MS15-107 | Microsoft Edge XSS Filter Bypass | CVE-2015-6058 | Masato Kinugawa, Individual |
MS15-107 | Microsoft Edge Information Disclosure Vulnerability | CVE-2015-6057 | Mario Heiderich of Cure53 |
MS15-106 | Scripting Engine Memory Corruption Vulnerability | CVE-2015-2482 | Skylined, working with HP’s Zero Day Initiative |
MS15-106 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6042 | Garage4Hackers, working with HP’s Zero Day Initiative |
MS15-106 | Internet Explorer Elevation of Privilege Vulnerability | CVE-2015-6044 | Jack Tang of Trend Micro |
MS15-106 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6045 | Zheng Huang of the Baidu Scloud XTeam, working with HP’s Zero Day Initiative |
MS15-106 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6045 | Kai Kang of Tencent's Xuanwu LAB |
MS15-106 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6046 | Jason Kratzer, working with VeriSign iDefense Labs |
MS15-106 | Internet Explorer Elevation of Privilege Vulnerability | CVE-2015-6047 | Ashutosh Mehra, working with HP’s Zero Day Initiative |
MS15-106 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6048 | Tongbo Luo of Palo Alto Networks |
MS15-106 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6048 | Hui Gao of Palo Alto Networks |
MS15-106 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6048 | Dhanesh Kizhakkinan of FireEye, Inc. |
MS15-106 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6049 | Heige (a.k.a. SuperHei) from Knownsec 404 Security Team |
MS15-106 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-6050 | Zheng Huang of the Baidu Scloud XTeam, working with HP’s Zero Day Initiative |
MS15-106 | Internet Explorer Elevation of Privilege Vulnerability | CVE-2015-6051 | Ashutosh Mehra, working with HP’s Zero Day Initiative |
MS15-106 | VBScript and JScript ASLR Bypass | CVE-2015-6052 | Bill Finlayson, Vectra Networks |
MS15-106 | Internet Explorer Information Disclosure Vulnerability | CVE-2015-6053 | CK, working with HP’s Zero Day Initiative |
MS15-106 | Scripting Engine Memory Corruption Vulnerability | CVE-2015-6055 | An anonymous researcher, working with HP’s Zero Day Initiative |
MS15-106 | Scripting Engine Memory Corruption Vulnerability | CVE-2015-6056 | Aakash Jain and Dhanesh Kizhakkinan of FireEye, Inc. |
MS15-106 | Scripting Engine Information Disclosure Vulnerability | CVE-2015-6059 | Takeshi Terada of Mitsui Bussan Secure Directions, Inc. |
MS15-106 | Scripting Engine Memory Corruption Vulnerability | CVE-2015-6184 | Zheng Huang of the Baidu Scloud XTeam, working with HP’s Zero Day Initiative |
MS15-106 | Defense-in-depth | ------------------- | Mario Heiderich of Cure53 |
September 2015 | |||
MS15-103 | Exchange Information Disclosure Vulnerability | CVE-2015-2505 | John Page of hyp3rlinx |
MS15-103 | Exchange Spoofing Vulnerability | CVE-2015-2543 | Abdulrahman Alqabandi |
MS15-103 | Exchange Spoofing Vulnerability | CVE-2015-2544 | Justin Khoo of FreshInbox |
MS15-102 | Windows Task Management Elevation of Privilege Vulnerability | CVE-2015-2524 | James Forshaw of Google Project Zero |
MS15-102 | Windows Task File Deletion Elevation of Privilege Vulnerability | CVE-2015-2525 | James Forshaw of Google Project Zero |
MS15-102 | Windows Task Management Elevation of Privilege Vulnerability | CVE-2015-2528 | James Forshaw of Google Project Zero |
MS15-101 | .NET Elevation of Privilege Vulnerability | CVE-2015-2504 | Yorick Koster of Securify B.V. |
MS15-101 | MVC Denial of Service Vulnerability | CVE-2015-2526 | Roberto Suggi Liverani of NCIA (NATO Communications and Information Agency) |
MS15-100 | Windows Media Center RCE Vulnerability | CVE-2015-2509 | Aaron Luo, Kenney Lu, and Ziv Chang of TrendMicro |
MS15-099 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-2520 | Steven Vittitoe of Google Project Zero |
MS15-099 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-2521 | Steven Vittitoe of Google Project Zero |
MS15-099 | Microsoft SharePoint XSS Spoofing Vulnerability | CVE-2015-2522 | This vulnerability was discovered by Fortinet's FortiGuard Labs. |
MS15-099 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-2523 | Steven Vittitoe of Google Project Zero |
MS15-099 | Microsoft Office Malformed EPS File Vulnerability | CVE-2015-2545 | Genwei Jiang of FireEye, Inc. |
MS15-098 | Windows Journal RCE Vulnerability | CVE-2015-2513 | Phil Blankenship of BeyondTrust Inc |
MS15-098 | Windows Journal DoS Vulnerability | CVE-2015-2514 | Kai Lu of Fortinet's FortiGuard Labs |
MS15-098 | Windows Journal DoS Vulnerability | CVE-2015-2516 | Kai Lu of Fortinet's FortiGuard Labs |
MS15-097 | OpenType Font Parsing Vulnerability | CVE-2015-2506 | Piotr Bania and Andrea Allievi of Cisco Talos |
MS15-097 | Font Driver Elevation of Privilege Vulnerability | CVE-2015-2507 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-097 | Font Driver Elevation of Privilege Vulnerability | CVE-2015-2508 | James Forshaw of Google Project Zero |
MS15-097 | Graphics Component Buffer Overflow Vulnerability | CVE-2015-2510 | Steven Vittitoe of Google Project Zero |
MS15-097 | Font Driver Elevation of Privilege Vulnerability | CVE-2015-2511 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-097 | Font Driver Elevation of Privilege Vulnerability | CVE-2015-2512 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-097 | Win32k Memory Corruption Elevation of Privilege Vulnerability | CVE-2015-2517 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-097 | Win32k Memory Corruption Elevation of Privilege Vulnerability | CVE-2015-2518 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-097 | Win32k Elevation of Privilege Vulnerability | CVE-2015-2527 | James Forshaw of Google Project Zero |
MS15-097 | Kernel ASLR Bypass Vulnerability | CVE-2015-2529 | Matt Tait of Google Project Zero |
MS15-097 | Win32k Memory Corruption Elevation of Privilege Vulnerability | CVE-2015-2546 | Wang Yu of FireEye, Inc. |
MS15-097 | Defense-in-depth | ------------------- | lokihardt@ASRT, working with HP’s Zero Day Initiative |
MS15-096 | Active Directory Denial of Service Vulnerability | CVE-2015-2535 | Andrew Bartlett of Catalyst and the Samba Team |
MS15-095 | Memory Corruption Vulnerability | CVE-2015-2485 | 0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative |
MS15-095 | Memory Corruption Vulnerability | CVE-2015-2486 | 0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative |
MS15-094 | Information Disclosure Vulnerability | CVE-2015-2483 | Shi Ji (@Puzzor) of VARAS@IIE |
MS15-094 | Tampering Vulnerability | CVE-2015-2484 | Haifei Li of Intel Security IPS Research Team |
MS15-094 | Memory Corruption Vulnerability | CVE-2015-2485 | 0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative |
MS15-094 | Memory Corruption Vulnerability | CVE-2015-2486 | 0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative |
MS15-094 | Memory Corruption Vulnerability | CVE-2015-2487 | Pawel Wylecial, working with HP’s Zero Day Initiative |
MS15-094 | Elevation of Privilege Vulnerability | CVE-2015-2489 | 5AECDBC12A3C178E19CF1E3CB5EDAA89, working with HP’s Zero Day Initiative |
MS15-094 | Memory Corruption Vulnerability | CVE-2015-2490 | Bo Qu of Palo Alto Networks |
MS15-094 | Memory Corruption Vulnerability | CVE-2015-2491 | Heige (a.k.a. SuperHei) from Knownsec 404 Security Team |
MS15-094 | Memory Corruption Vulnerability | CVE-2015-2492 | Bo Qu of Palo Alto Networks |
MS15-094 | Memory Corruption Vulnerability | CVE-2015-2492 | Dhanesh Kizhakkinan of FireEye, Inc. |
MS15-094 | Scripting Engine Memory Corruption Vulnerability | CVE-2015-2493 | Bo Qu of Palo Alto Networks |
MS15-094 | Memory Corruption Vulnerability | CVE-2015-2494 | Kai Song (exp-sky) of Tencent's Xuanwu LAB |
MS15-094 | Memory Corruption Vulnerability | CVE-2015-2498 | B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative |
MS15-094 | Memory Corruption Vulnerability | CVE-2015-2499 | B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative |
MS15-094 | Memory Corruption Vulnerability | CVE-2015-2500 | B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative |
MS15-094 | Memory Corruption Vulnerability | CVE-2015-2501 | Sean Verity, working with HP’s Zero Day Initiative |
MS15-094 | Memory Corruption Vulnerability | CVE-2015-2541 | 0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative |
MS15-094 | Defense-in-depth | ------------------- | Yang Yu (@tombkeeper) of Tencent's Xuanwu Lab |
August 2015 | |||
MS15-093 | Memory Corruption Vulnerability | CVE-2015-2502 | Clement Lecigne of Google Inc. |
MS15-092 | RyuJIT Optimization Elevation of Privilege Vulnerability | CVE-2015-2479 | Nick Craver & Marc Gravell of Stack Overflow |
MS15-091 | Memory Corruption Vulnerability | CVE-2015-2441 | Liu Long of the Qihoo 360 Vulcan Team |
MS15-090 | Windows Registry Elevation of Privilege Vulnerability | CVE-2015-2429 | Ashutosh Mehra, working with HP’s Zero Day Initiative |
MS15-090 | Windows Filesystem Elevation of Privilege Vulnerability | CVE-2015-2430 | Ashutosh Mehra, working with HP’s Zero Day Initiative |
MS15-087 | UDDI Services Elevation of Privilege Vulnerability | CVE-2015-2475 | François-Xavier Stellamans from NCI Agency - Cyber Security / NCIRC |
MS15-084 | MSXML Information Disclosure Vulnerability | CVE-2015-2440 | Ucha Gobejishvili, working with HP’s Zero Day Initiative |
MS15-083 | Server Message Block Memory Corruption Vulnerability | CVE-2015-2474 | Tenable Network Security |
MS15-081 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-1642 | This vulnerability was discovered by Fortinet's FortiGuard Labs |
MS15-081 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-1642 | Yong Chuan Koh (@yongchuank) of MWR Labs (@mwrlabs) |
MS15-081 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-1642 | s3tm3m@gmail.com, working with VeriSign iDefense Labs |
MS15-081 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-2467 | Steven Vittitoe of Google Project Zero |
MS15-081 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-2468 | Steven Vittitoe of Google Project Zero |
MS15-081 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-2469 | Steven Vittitoe of Google Project Zero |
MS15-081 | Microsoft Office Integer Underflow Vulnerability | CVE-2015-2470 | Steven Vittitoe of Google Project Zero |
MS15-081 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-2477 | Steven Vittitoe of Google Project Zero |
MS15-081 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-2445 | Jack Tang of Trend Micro |
MS15-080 | Microsoft Office Graphics Component Remote Code Execution Vulnerability | CVE-2015-2431 | Steven Vittitoe of Google Project Zero |
MS15-080 | OpenType Font Parsing Vulnerability | CVE-2015-2432 | Mateusz Jurczyk of Google Project Zero |
MS15-080 | Kernel ASLR Bypass Vulnerability | CVE-2015-2433 | Matt Tait of Google Inc. |
MS15-080 | TrueType Font Parsing Vulnerability | CVE-2015-2435 | KeenTeam's Jihui Lu and Peter Hlavaty, working with HP’s Zero Day Initiative |
MS15-080 | Windows CSRSS Elevation of Privilege Vulnerability | CVE-2015-2453 | Liang Yin of Tencent PC Manager |
MS15-080 | Windows KMD Security Feature Bypass Vulnerability | CVE-2015-2454 | Ashutosh Mehra, working with HP’s Zero Day Initiative |
MS15-080 | TrueType Font Parsing Vulnerability | CVE-2015-2455 | Mateusz Jurczyk of Google Project Zero |
MS15-080 | TrueType Font Parsing Vulnerability | CVE-2015-2455 | KeenTeam's Jihui Lu and Peter Hlavaty, working with HP’s Zero Day Initiative |
MS15-080 | TrueType Font Parsing Vulnerability | CVE-2015-2456 | Mateusz Jurczyk of Google Project Zero |
MS15-080 | OpenType Font Parsing Vulnerability | CVE-2015-2458 | Mateusz Jurczyk of Google Project Zero |
MS15-080 | OpenType Font Parsing Vulnerability | CVE-2015-2459 | Mateusz Jurczyk of Google Project Zero |
MS15-080 | OpenType Font Parsing Vulnerability | CVE-2015-2460 | Mateusz Jurczyk of Google Project Zero |
MS15-080 | OpenType Font Parsing Vulnerability | CVE-2015-2461 | Mateusz Jurczyk of Google Project Zero |
MS15-080 | OpenType Font Parsing Vulnerability | CVE-2015-2462 | Mateusz Jurczyk of Google Project Zero |
MS15-080 | TrueType Font Parsing Vulnerability | CVE-2015-2463 | Mateusz Jurczyk of Google Project Zero |
MS15-080 | TrueType Font Parsing Vulnerability | CVE-2015-2464 | Mateusz Jurczyk of Google Project Zero |
MS15-079 | Memory Corruption Vulnerability | CVE-2015-2442 | Linan Hao of the Qihoo 360 Vulcan Team |
MS15-079 | Memory Corruption Vulnerability | CVE-2015-2443 | An anonymous researcher, working with HP’s Zero Day Initiative |
MS15-079 | Memory Corruption Vulnerability | CVE-2015-2444 | Moritz Jodeit of Blue Frost Security |
MS15-079 | Security Feature Bypass Vulnerability | CVE-2015-2445 | Jack Tang of Trend Micro |
MS15-079 | Memory Corruption Vulnerability | CVE-2015-2446 | Heige (a.k.a. SuperHei) from Knownsec 404 Security Team and Bo Qu of Palo Alto Networks |
MS15-079 | Memory Corruption Vulnerability | CVE-2015-2447 | sweetchip@GRAYHASH |
MS15-079 | Memory Corruption Vulnerability | CVE-2015-2448 | An anonymous researcher, working with HP’s Zero Day Initiative |
MS15-079 | Security Feature Bypass Vulnerability | CVE-2015-2449 | Linan Hao of the Qihoo 360 Vulcan Team |
MS15-079 | Memory Corruption Vulnerability | CVE-2015-2450 | 0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative |
MS15-079 | Memory Corruption Vulnerability | CVE-2015-2451 | 0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative |
MS15-079 | Memory Corruption Vulnerability | CVE-2015-2452 | 0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative |
July 2015 | |||
MS15-078 | OpenType Font Driver Vulnerability | CVE-2015-2426 | Mateusz Jurczyk of Google Project Zero |
MS15-078 | OpenType Font Driver Vulnerability | CVE-2015-2426 | Genwei Jiang of FireEye, Inc. |
MS15-078 | OpenType Font Driver Vulnerability | CVE-2015-2426 | Moony Li of TrendMicro Company |
MS15-077 | ATMFD.DLL Memory Corruption Vulnerability | CVE-2015-2387 | Google Project Zero and Morgan Marquis-Boire |
MS15-076 | Windows RPC Elevation of Privilege Vulnerability | CVE-2015-2370 | James Forshaw of Google Project Zero |
MS15-075 | OLE Elevation of Privilege Vulnerability | CVE-2015-2416 | Nicolas Joly @n_joly |
MS15-075 | OLE Elevation of Privilege Vulnerability | CVE-2015-2417 | Nicolas Joly @n_joly |
MS15-074 | Windows Installer EoP Vulnerability | CVE-2015-2371 | Mariusz Mlynski working with HP’s Zero Day Initiative |
MS15-073 | Win32k Elevation of Privilege Vulnerability | CVE-2015-2363 | enSilo |
MS15-073 | Win32k Elevation of Privilege Vulnerability | CVE-2015-2363 | Peng Qiu of 360Vulcan Team |
MS15-073 | Win32k Elevation of Privilege Vulnerability | CVE-2015-2365 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-073 | Win32k Elevation of Privilege Vulnerability | CVE-2015-2366 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-073 | Win32k Information Disclosure Vulnerability | CVE-2015-2367 | WanderingGlitch of HP’s Zero Day Initiative |
MS15-073 | Win32k Information Disclosure Vulnerability | CVE-2015-2381 | Matt Tait of Google Project Zero |
MS15-073 | Win32k Information Disclosure Vulnerability | CVE-2015-2382 | Matt Tait of Google Project Zero |
MS15-072 | Graphics Component EOP Vulnerability | CVE-2015-2364 | Nicolas Joly @n_joly |
MS15-070 | Microsoft Excel ASLR Bypass Vulnerability | CVE-2015-2375 | 3S Labs working with HP’s Zero Day Initiative |
MS15-070 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-2376 | 3S Labs, working with HP’s Zero Day Initiative |
MS15-070 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-2377 | 3S Labs, working with HP’s Zero Day Initiative |
MS15-070 | Microsoft Excel DLL Remote Code Execution Vulnerability | CVE-2015-2378 | M1x7e1(ShiXiaoLei) of SafeyeTeam |
MS15-070 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-2379 | Steven Vittitoe of Google Project Zero |
MS15-070 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-2380 | Steven Vittitoe of Google Project Zero |
MS15-070 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-2415 | Jack Tang of Trend Micro |
MS15-070 | Microsoft Office Remote Code Execution Vulnerability | CVE-2015-2424 | The Labs Team of iSIGHT Partners |
MS15-070 | Microsoft Office Remote Code Execution Vulnerability | CVE-2015-2424 | Edward Fjellskål of Telenor CERT |
MS15-069 | Windows DLL Remote Code Execution Vulnerability | CVE-2015-2368 | Ashutosh Mehra, working with HP’s Zero Day Initiative |
MS15-069 | DLL Planting Remote Code Execution Vulnerability | CVE-2015-2369 | Haifei Li of McAfee Labs IPS Team |
MS15-068 | Hyper-V Buffer Overflow Vulnerability | CVE-2015-2361 | Thomas Garnier of Microsoft |
MS15-068 | Hyper-V System Data Structure Vulnerability | CVE-2015-2362 | Thomas Garnier of Microsoft |
MS15-066 | VBScript Memory Corruption Vulnerability | CVE-2015-2372 | Bo Qu of Palo Alto Networks |
MS15-066 | VBScript Memory Corruption Vulnerability | CVE-2015-2372 | bilou, working with VeriSign iDefense Labs |
MS15-065 | Internet Explorer Information Disclosure Vulnerability | CVE-2015-1729 | Mashiro YAMADA |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1733 | JaeHun Jeong (@n3sk) of WINS, WSEC Analysis Team |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1738 | Li Kemeng of Baidu Anti-virus Team |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1767 | An anonymous researcher, working with HP’s Zero Day Initiative |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1767 | Zheng Huang of the Baidu Scloud XTeam, working with HP’s Zero Day Initiative |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2383 | Jason Kratzer, working with VeriSign iDefense Labs |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2383 | Sky, working with HP’s Zero Day Initiative |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2383 | Liu Long of the Qihoo 360 Vulcan Team |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2383 | Jihui Lu of KeenTeam (@K33nTeam) |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2384 | Liu Long of the Qihoo 360 Vulcan Team |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2385 | Liu Long of the Qihoo 360 Vulcan Team |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2385 | ChenDong Li of Tencent |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2388 | B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2389 | Linan Hao of the Qihoo 360 Vulcan Team |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2390 | Linan Hao of the Qihoo 360 Vulcan Team |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2391 | Jack Tang of Trend Micro Inc. |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2397 | AA32AF9897C15779037CD4FC1C1C13D7, working with HP’s Zero Day Initiative |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2397 | A3F2160DCA1BDE70DA1D99ED267D5DC1EC336192, working with HP’s Zero Day Initiative |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2397 | Bo Qu of Palo Alto Networks |
MS15-065 | Internet Explorer XSS Filter Bypass Vulnerability | CVE-2015-2398 | Mario Heiderich |
MS15-065 | Internet Explorer XSS Filter Bypass Vulnerability | CVE-2015-2398 | Carlos Munoz of WhiteHat Security (former) and Trustwave SpiderLabs (current) |
MS15-065 | Internet Explorer Elevation of Privilege Vulnerability | CVE-2015-2402 | Ashutosh Mehra, working with HP’s Zero Day Initiative |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2403 | ca0nguyen, working with HP’s Zero Day Initiative |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2404 | 4cbad7dc77d1a1af7d66b5ded6cd92a5, working with HP’s Zero Day Initiative |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2406 | B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2408 | Zheng Huang of Baidu Scloud XTeam, working with HP’s Zero Day Initiative |
MS15-065 | Internet Explorer Information Disclosure Vulnerability | CVE-2015-2410 | A Google Inc. employee |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2411 | JeongHoon Shin |
MS15-065 | Internet Explorer Information Disclosure Vulnerability | CVE-2015-2412 | Ashutosh Mehra, working with HP’s Zero Day Initiative |
MS15-065 | Internet Explorer Information Disclosure Vulnerability | CVE-2015-2413 | Hiroshi Suzuki of Internet Initiative Japan Inc. |
MS15-065 | Internet Explorer Information Disclosure Vulnerability | CVE-2015-2414 | Angelo Prado, Director, Product Security at Salesforce |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2422 | Bo Qu of Palo Alto Networks |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2425 | Bill Finlayson, Vectra Networks |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2425 | Dhanesh Kizhakkinan of FireEye, Inc. |
MS15-065 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-2425 | Peter Pi of TrendMicro |
3074162 | MSRT Race Condition Vulnerability | CVE-2015-2418 | James Forshaw of Google Project Zero |
June 2015 | |||
MS15-063 | Windows LoadLibrary EoP Vulnerability | CVE-2015-1758 | Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. |
MS15-062 | ADFS XSS Elevation of Privilege Vulnerability | CVE-2015-1757 | “John Hollenberger” and “Tate Hansen from FishNet Security” |
MS15-061 | Microsoft Windows Kernel Information Disclosure Vulnerability | CVE-2015-1719 | Guo Pengfei of Qihoo 360 |
MS15-061 | Microsoft Windows Kernel Use After Free Vulnerability | CVE-2015-1720 | KK of Tencent’s Xuanwu LAB |
MS15-061 | Win32k Null Pointer Dereference Vulnerability | CVE-2015-1721 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-061 | Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability | CVE-2015-1722 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-061 | Microsoft Windows Station Use After Free Vulnerability | CVE-2015-1723 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-061 | Microsoft Windows Kernel Object Use After Free Vulnerability | CVE-2015-1724 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-061 | Win32k Buffer Overflow Vulnerability | CVE-2015-1725 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-061 | Microsoft Windows Kernel Brush Object Use After Free Vulnerability | CVE-2015-1726 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-061 | Win32k Pool Buffer Overflow Vulnerability | CVE-2015-1727 | Nils Sommer of bytegeist, working with Google Project Zero |
MS15-061 | Win32k Elevation of Privilege Vulnerability | CVE-2015-2360 | Maxim Golovkin, Kaspersky Lab |
MS15-061 | Win32k Elevation of Privilege Vulnerability | CVE-2015-2360 | enSilo Research Team |
MS15-059 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-1759 | Ben Hawkes of Google Project Zero |
MS15-059 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-1760 | Ben Hawkes of Google Project Zero |
MS15-059 | Microsoft Office Uninitialized Memory Use Vulnerability | CVE-2015-1770 | Yong Chuan Koh (@yongchuank) MWR Labs (@mwrlabs) |
MS15-057 | Windows Media Player RCE via DataObject Vulnerability | CVE-2015-1728 | bilou, working with VeriSign iDefense Labs |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1687 | Pengfei Guo of Qihoo 360 |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1730 | SkyLined, working with VeriSign iDefense Labs |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1731 | Zheng Huang of Baidu Scloud XTeam |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1732 | Linan Hao of the Qihoo 360 Vulcan Team |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1735 | Zheng Huang of Baidu Scloud XTeam working with HP’s Zero Day Initiative |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1736 | Bo Qu of Palo Alto Networks |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1736 | An anonymous researcher, working with HP’s Zero Day Initiative |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1737 | Dhanesh Kizhakkinan of FireEye, Inc. |
MS15-056 | Internet Explorer Elevation of Privilege Vulnerability | CVE-2015-1739 | Thomas Vanhoutte working with HP’s Zero Day Initiative |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1740 | Chen Zhang (demi6od) of NSFOCUS Security Team |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1740 | Heige (a.k.a. SuperHei) from Knownsec 404 Security Team |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1740 | Bo Qu of Palo Alto Networks |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1741 | Chen Zhang (demi6od) of NSFOCUS Security Team |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1742 | Chen Zhang (demi6od) of NSFOCUS Security Team |
MS15-056 | Internet Explorer Elevation of Privilege Vulnerability | CVE-2015-1743 | Haifei Li of McAfee Labs IPS Team |
MS15-056 | Internet Explorer Elevation of Privilege Vulnerability | CVE-2015-1743 | Yuki Chen of Qihoo 360/Vulcan 360 Team working with HP’s Zero Day Initiative |
MS15-056 | Internet Explorer Elevation of Privilege Vulnerability | CVE-2015-1743 | Thomas Vanhoutte, working with HP’s Zero Day Initiative |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1744 | Bo Qu of Palo Alto Networks |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1744 | National Engineering Laboratory for Mobile Internet System and Application Security, China |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1745 | Yuki Chen of Qihoo 360 working with HP’s Zero Day Initiative |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1747 | lokihardt@ASRT working with HP’s Zero Day Initiative |
MS15-056 | Internet Explorer Elevation of Privilege Vulnerability | CVE-2015-1748 | lokihardt@ASRT working with HP’s Zero Day Initiative |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1750 | Bo Qu of Palo Alto Networks |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1751 | Jason Kratzer, working with VeriSign iDefense Labs |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1752 | Kai Song (exp-sky) of Tencent's Xuanwu LAB |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1752 | Henry Li of Trend Micro |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1753 | Jihui Lu of KeenTeam (@K33nTeam) |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1754 | Jack Tang of Trend Micro |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1755 | 0016EECD9D7159A949DAD3BC17E0A939 working with HP’s Zero Day Initiative |
MS15-056 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1755 | Jason Kratzer, working with VeriSign iDefense Labs |
MS15-056 | Defense-in-depth | ------------------- | רומן זאיקין |
MS15-056 | Defense-in-depth | ------------------- | An anonymous researcher, working with Beyond Security’s SecuriTeam Secure Disclosure team and Ashutosh Mehra working with HP’s Zero Day Initiative |
Special thanks for working with Microsoft to make Internet Explorer more secure. | ------------------- | Xiaoyin Liu @general_nfs | |
May 2015 | |||
MS15-054 | Microsoft Management Console File Format Denial of Service Vulnerability | CVE-2015-1681 | Michael Heerklotz, working with HP’s Zero Day Initiative |
MS15-053 | VBScript ASLR Bypass | CVE-2015-1684 | SkyLined, working with HP’s Zero Day Initiative |
MS15-053 | VBScript and JScript ASLR Bypass | CVE-2015-1686 | Bill Finlayson of BeyondTrust Inc |
MS15-052 | Windows Kernel Security Feature Bypass Vulnerability | CVE-2015-1674 | lokihardt@ASRT, working with HP’s Zero Day Initiative |
MS15-051 | Microsoft Windows Kernel Memory Disclosure Vulnerability | CVE-2015-1676 | WanderingGlitch of HP’s Zero Day Initiative |
MS15-051 | Microsoft Windows Kernel Memory Disclosure Vulnerability | CVE-2015-1677 | WanderingGlitch of HP’s Zero Day Initiative |
MS15-051 | Microsoft Windows Kernel Memory Disclosure Vulnerability | CVE-2015-1678 | WanderingGlitch of HP’s Zero Day Initiative |
MS15-051 | Microsoft Windows Kernel Memory Disclosure Vulnerability | CVE-2015-1679 | WanderingGlitch of HP’s Zero Day Initiative |
MS15-051 | Microsoft Windows Kernel Memory Disclosure Vulnerability | CVE-2015-1680 | WanderingGlitch of HP’s Zero Day Initiative |
MS15-049 | Microsoft Silverlight Out of Browser Application Vulnerability | CVE-2015-1715 | Exodus Intelligence |
MS15-048 | .NET XML Decryption Denial of Service Vulnerability | CVE-2015-1672 | John Heasman of DocuSign |
MS15-048 | Windows Forms Elevation of Privilege Vulnerability | CVE-2015-1673 | Kalle Niemitalo |
MS15-046 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-1682 | 3S Labs, working with HP’s Zero Day Initiative |
MS15-046 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-1683 | Jack Tang of Trend Micro |
MS15-046 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-1683 | Kai Lu of Fortinet's FortiGuard Labs |
MS15-045 | Windows Journal Remote Code Execution Vulnerability | CVE-2015-1675 | Bill Finlayson of Beyond Trust, Inc. |
MS15-045 | Windows Journal Remote Code Execution Vulnerability | CVE-2015-1695 | Adith Sudhakar, VMware |
MS15-045 | Windows Journal Remote Code Execution Vulnerability | CVE-2015-1696 | Rohit Mothe of VeriSign iDefense Labs |
MS15-045 | Windows Journal Remote Code Execution Vulnerability | CVE-2015-1697 | Rohit Mothe of VeriSign iDefense Labs |
MS15-045 | Windows Journal Remote Code Execution Vulnerability | CVE-2015-1698 | Adith Sudhakar, VMware |
MS15-045 | Windows Journal Remote Code Execution Vulnerability | CVE-2015-1698 | Rohit Mothe of VeriSign iDefense Labs |
MS15-045 | Windows Journal Remote Code Execution Vulnerability | CVE-2015-1699 | Steven Seeley of Source Incite |
MS15-044 | OpenType Font Parsing Vulnerability | CVE-2015-1670 | Mateusz Jurczyk of Google Project Zero |
MS15-044 | TrueType Font Parsing Vulnerability | CVE-2015-1671 | Dan Caselden of FireEye, Inc. |
MS15-043 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1658 | Jason Kratzer, working with VeriSign iDefense Labs |
MS15-043 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1658 | National Engineering Laboratory for Mobile Internet System and Application Security, China |
MS15-043 | VBScript ASLR Bypass | CVE-2015-1684 | SkyLined, working with HP’s Zero Day Initiative |
MS15-043 | Internet Explorer ASLR Bypass | CVE-2015-1685 | Hao Linan of 360 Vulcan Team |
MS15-043 | Internet Explorer ASLR Bypass | CVE-2015-1685 | Dhanesh Kizhakkinan of FireEye, Inc. |
MS15-043 | Internet Explorer ASLR Bypass | CVE-2015-1685 | Li Kemeng of Baidu Scloud XTeam |
MS15-043 | VBScript and JScript ASLR Bypass | CVE-2015-1686 | Bill Finlayson of BeyondTrust Inc |
MS15-043 | Internet Explorer Elevation of Privilege Vulnerability | CVE-2015-1688 | Ashutosh Mehra |
MS15-043 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1689 | Jihui Lu of KeenTeam (@K33nTeam) |
MS15-043 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1691 | Jihui Lu of KeenTeam (@K33nTeam) |
MS15-043 | Internet Explorer Clipboard Information Disclosure Vulnerability | CVE-2015-1692 | Daniel Trebbien |
MS15-043 | Internet Explorer Clipboard Information Disclosure Vulnerability | CVE-2015-1692 | Vincent Lee of TELUS Security Labs |
MS15-043 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1694 | Jack Tang of Trend Micro |
MS15-043 | Internet Explorer Elevation of Privilege Vulnerability | CVE-2015-1703 | Akitsugu |
MS15-043 | Internet Explorer Elevation of Privilege Vulnerability | CVE-2015-1704 | Mario Heiderich |
MS15-043 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1705 | Bo Qu of Palo Alto Networks |
MS15-043 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1706 | Zheng Huang of Baidu Scloud XTeam working with HP’s Zero Day Initiative |
MS15-043 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1708 | Bo Qu of Palo Alto Networks |
MS15-043 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1709 | Jack Tang of Trend Micro |
MS15-043 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1709 | Zheng Huang of Baidu Scloud XTeam working with HP’s Zero Day Initiative |
MS15-043 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1710 | Dhanesh Kizhakkinan of FireEye, Inc. |
MS15-043 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1711 | Bo Qu of Palo Alto Networks |
MS15-043 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1712 | sweetchip@GRAYHASH |
MS15-043 | Internet Explorer Elevation of Privilege Vulnerability | CVE-2015-1713 | Ashutosh Mehra |
MS15-043 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1714 | sweetchip@GRAYHASH, working with HP’s Zero Day Initiative |
MS15-043 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1717 | 0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative |
MS15-043 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1718 | Jihui Lu of KeenTeam (@K33nTeam) |
April 2015 | |||
MS15-042 | Windows Hyper-V DoS Vulnerability | CVE-2015-1647 | Dmitry Alikov of Veeam Software AG |
MS15-039 | MSXML3 Same Origin Policy SFB vulnerability | CVE-2015-1646 | Hormazd Billimoria, Xiaoran Wang, Sergey Gorbaty, Anton Rager, and Jonathan Brossard of Salesforce.com |
MS15-038 | NtCreateTransactionManager Type Confusion Vulnerability | CVE-2015-1643 | James Forshaw of Google Project Zero |
MS15-038 | Windows MS-DOS Device Name Elevation of Privilege Vulnerability | CVE-2015-1644 | James Forshaw of Google Project Zero |
MS15-037 | Task Scheduler Elevation of Privilege Vulnerability | CVE-2015-0098 | Renato Ettisberger of IOprotect GmbH |
MS15-035 | EMF Processing Remote Code Execution Vulnerability | CVE-2015-1645 | Hossein Lotfi, Secunia Research |
MS15-034 | HTTP.sys Remote Code Execution Vulnerability | CVE-2015-1635 | The Citrix Security Response Team |
MS15-033 | Microsoft Outlook App for Mac XSS Vulnerability | CVE-2015-1639 | Rakesh Dharmavaram |
MS15-033 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-1641 | The Labs Team of iSIGHT Partners |
MS15-033 | Microsoft Office Component Use After Free Vulnerability | CVE-2015-1649 | Jack Tang of Trend Micro |
MS15-033 | Microsoft Office Component Use After Free Vulnerability | CVE-2015-1649 | Dan Caselden of FireEye, Inc. |
MS15-033 | Microsoft Office Component Use After Free Vulnerability | CVE-2015-1650 | 3S Labs, working with HP’s Zero Day Initiative |
MS15-033 | Defense-in-depth change in this bulletin | ------------------- | Chris Parmer of Plotly |
MS15-033 | Microsoft Office Component Use After Free Vulnerability | CVE-2015-1651 | Ben Hawkes of Google Project Zero |
MS15-032 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1652 | 0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative |
MS15-032 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1657 | Jihui Lu of KeenTeam (@K33nTeam) |
MS15-032 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1659 | Jason Kratzer, working with HP’s Zero Day Initiative |
MS15-032 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1660 | Arthur Gerkis, working with HP’s Zero Day Initiative |
MS15-032 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1661 | AbdulAziz Hariri, working with HP’s Zero Day Initiative |
MS15-032 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1665 | AMol NAik & Garage4Hackers, working with HP’s Zero Day Initiative |
MS15-032 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1666 | b0nd@garage4hackers@, working with HP’s Zero Day Initiative |
MS15-032 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1667 | ca0nguyen, working with HP’s Zero Day Initiative |
MS15-032 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1668 | Omair, working with HP’s Zero Day Initiative |
March 2015 | |||
MS15-029 | JPEG XR Parser Information Disclosure Vulnerability | CVE-2015-0076 | Michal Zalewski of Google Inc. |
MS15-028 | Task Scheduler Security Feature Bypass Vulnerability | CVE-2015-0084 | James Forshaw of Google Project Zero |
MS15-027 | NETLOGON Spoofing Vulnerability | CVE-2015-0005 | This vulnerability was discovered and researched by Alberto Solino from Core Security. The publication of this advisory was coordinated by Joaquín Rodríguez Varela from the Core Advisories Team. |
MS15-026 | OWA Modified Canary Parameter Cross Site Scripting Vulnerability | CVE-2015-1628 | Francisco Correa |
MS15-026 | ExchangeDLP Cross Site Scripting Vulnerability | CVE-2015-1629 | Adi Ivascu |
MS15-026 | Audit Report Cross Site Scripting Vulnerability | CVE-2015-1630 | Adi Ivascu |
MS15-026 | Exchange Forged Meeting Request Spoofing Vulnerability | CVE-2015-1631 | Nicolai Grodum |
MS15-026 | Exchange Error Message Cross Site Scripting Vulnerability | CVE-2015-1632 | Darius Petrescu |
MS15-025 | Registry Virtualization Elevation of Privilege Vulnerability | CVE-2015-0073 | James Forshaw of Google Project Zero |
MS15-024 | Malformed PNG Parsing Information Disclosure Vulnerability | CVE-2015-0080 | Michal Zalewski of Google Inc. |
MS15-023 | Microsoft Windows Kernel Memory Disclosure Vulnerability | CVE-2015-0077 | WanderingGlitch, working with HP’s Zero Day Initiative |
MS15-023 | Win32k Elevation of Privilege Vulnerability | CVE-2015-0078 | James Forshaw of Google Project Zero |
MS15-023 | Win32k Elevation of Privilege Vulnerability | CVE-2015-0078 | Ashutosh Mehra of Adobe Systems Inc. |
MS15-023 | Microsoft Windows Kernel Memory Disclosure Vulnerability | CVE-2015-0094 | WanderingGlitch, working with HP’s Zero Day Initiative |
MS15-023 | Microsoft Windows Kernel Memory Disclosure Vulnerability | CVE-2015-0095 | KK of Xuanwu Lab of Tencent |
MS15-022 | Microsoft Office Component Use After Free Vulnerability | CVE-2015-0085 | 3S Labs, working with HP’s Zero Day Initiative |
MS15-022 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-0086 | Ben Hawkes of Google Project Zero |
MS15-022 | Microsoft Word Local Zone Remote Code Execution Vulnerability | CVE-2015-0097 | Eduardo Prado, working with Beyond Security’s SecuriTeam Secure Disclosure team |
MS15-022 | Microsoft SharePoint XSS Vulnerability | CVE-2015-1633 | Adi Ivascu |
MS15-022 | Microsoft SharePoint XSS Vulnerability | CVE-2015-1636 | Adi Ivascu |
MS15-021 | Adobe Font Driver Denial of Service Vulnerability | CVE-2015-0074 | Mateusz Jurczyk of Google Project Zero |
MS15-021 | Adobe Font Driver Information Disclosure Vulnerability | CVE-2015-0087 | Mateusz Jurczyk of Google Project Zero |
MS15-021 | Adobe Font Driver Remote Code Execution Vulnerability | CVE-2015-0088 | Mateusz Jurczyk of Google Project Zero |
MS15-021 | Adobe Font Driver Information Disclosure Vulnerability | CVE-2015-0089 | Mateusz Jurczyk of Google Project Zero |
MS15-021 | Adobe Font Driver Remote Code Execution Vulnerability | CVE-2015-0090 | Mateusz Jurczyk of Google Project Zero |
MS15-021 | Adobe Font Driver Remote Code Execution Vulnerability | CVE-2015-0091 | Mateusz Jurczyk of Google Project Zero |
MS15-021 | Adobe Font Driver Remote Code Execution Vulnerability | CVE-2015-0092 | Mateusz Jurczyk of Google Project Zero |
MS15-021 | Adobe Font Driver Remote Code Execution Vulnerability | CVE-2015-0092 | s3tm3m, working with HP’s Zero Day Initiative |
MS15-021 | Adobe Font Driver Remote Code Execution Vulnerability | CVE-2015-0093 | Mateusz Jurczyk of Google Project Zero |
MS15-020 | WTS Remote Code Execution Vulnerability | CVE-2015-0081 | Garage4Hackers, working with HP’s Zero Day Initiative |
MS15-020 | WTS Remote Code Execution Vulnerability | CVE-2015-0081 | Francis Provencher of Protek Research Lab’s |
MS15-020 | DLL Planting Remote Code Execution Vulnerability | CVE-2015-0096 | Michael Heerklotz, working with HP’s Zero Day Initiative |
MS15-019 | VBScript Memory Corruption Vulnerability | CVE-2015-0032 | Bo Qu of Palo Alto Networks |
MS15-018 | VBScript Memory Corruption Vulnerability | CVE-2015-0032 | Bo Qu of Palo Alto Networks |
MS15-018 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0056 | 0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative |
MS15-018 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0056 | Jihui Lu of KeenTeam (@K33nTeam) |
MS15-018 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0099 | SkyLined, working with HP’s Zero Day Initiative |
MS15-018 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0100 | ca0nguyen, working with HP’s Zero Day Initiative |
MS15-018 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1622 | SkyLined, working with HP’s Zero Day Initiative |
MS15-018 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1622 | AMol NAik, working with HP’s Zero Day Initiative |
MS15-018 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1623 | 0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative |
MS15-018 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1624 | Arthur Gerkis, working with HP’s Zero Day Initiative |
MS15-018 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1625 | Bo Qu of Palo Alto Networks |
MS15-018 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1626 | ca0nguyen, working with HP’s Zero Day Initiative |
MS15-018 | Internet Explorer Elevation of Privilege Vulnerability | CVE-2015-1627 | Ashutosh Mehra |
MS15-018 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-1634 | An anonymous researcher, working with Beyond Security’s SecuriTeam Secure Disclosure team |
MS15-018 | Defense-in-depth change in this bulletin | ------------------- | Michal Zalewski of Google Project Zero |
MS15-018 | Defense-in-depth change in this bulletin | ------------------- | Zhang YunHai, NSFOCUS Security Team |
MS15-018 | Defense-in-depth change in this bulletin | ------------------- | Noriaki Iwasaki of Cyber Defense Institute, Inc. |
February 2015 | |||
MS15-016 | TIFF Processing Information Disclosure Vulnerability | CVE-2015-0061 | Michal Zalewski of Google Inc. |
MS15-015 | Windows Create Process Elevation of Privilege Vulnerability | CVE-2015-0062 | James Forshaw of Google Project Zero |
MS15-014 | Group Policy Security Feature Bypass Vulnerability | CVE-2015-0009 | Luke Jennings |
MS15-012 | Excel Remote Code Execution Vulnerability | CVE-2015-0063 | Fermin J. Serna of the Google Security Team |
MS15-012 | Office Remote Code Execution Vulnerability | CVE-2015-0064 | Ben Hawkes of Google Project Zero |
MS15-012 | OneTableDocumentStream Remote Code Execution Vulnerability | CVE-2015-0065 | Ben Hawkes of Google Project Zero |
MS15-011 | Group Policy Remote Code Execution Vulnerability | CVE-2015-0008 | Jeff Schmidt of JAS Global Advisors |
MS15-011 | Group Policy Remote Code Execution Vulnerability | CVE-2015-0008 | Dr. Arnoldo Muller-Molina of simMachines |
MS15-011 | Group Policy Remote Code Execution Vulnerability | CVE-2015-0008 | The Internet Corporation for Assigned Names and Numbers (ICANN) |
MS15-010 | Win32k Elevation of Privilege Vulnerability | CVE-2015-0003 | Marcin Wiazowski, working with HP’s Zero Day Initiative |
MS15-010 | CNG Security Feature Bypass Vulnerability | CVE-2015-0010 | James Forshaw of Google Project Zero |
MS15-010 | Win32k Elevation of Privilege Vulnerability | CVE-2015-0057 | Udi Yavo, CTO of enSilo |
MS15-010 | Windows Cursor Object Double Free Vulnerability | CVE-2015-0058 | n3phos, working with HP’s Zero Day Initiative |
MS15-010 | TrueType Font Parsing Remote Code Execution Vulnerability | CVE-2015-0059 | Cris Neckar of Divergent Security |
MS15-010 | Windows Font Driver Denial of Service Vulnerability | CVE-2015-0060 | Cris Neckar of Divergent Security |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0017 | Aniway.Anyway@gmail.com, working with HP’s Zero Day Initiative |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0017 | Adlab of Venustech |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0018 | Bo Qu of Palo Alto Networks |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0019 | Bo Qu of Palo Alto Networks |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0020 | Liu Long of Qihoo 360 |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0021 | Liu Long of Qihoo 360 |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0022 | Yujie Wen of Qihoo 360 |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0023 | José A. Vázquez of VeriSign iDefense Labs |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0025 | An anonymous researcher, working with HP’s Zero Day Initiative |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0026 | Chen Zhang (demi6od) of NSFOCUS Security Team |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0027 | Jason Kratzer, working with HP’s Zero Day Initiative |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0028 | Yujie Wen of Qihoo 360 |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0029 | Yuki Chen of Qihoo 360 |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0030 | Chen Zhang (demi6od) of NSFOCUS Security Team |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0031 | Aniway.Anyway@gmail.com, working with HP’s Zero Day Initiative |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0035 | Sky, working with HP’s Zero Day Initiative |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0035 | Pawel Wylecial, working with HP’s Zero Day Initiative |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0035 | Li Kemeng of Baidu Anti-virus Team |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0036 | An anonymous researcher, working with HP’s Zero Day Initiative |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0037 | sweetchip@GRAYHASH, working with HP’s Zero Day Initiative |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0038 | An anonymous researcher, working with HP’s Zero Day Initiative |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0038 | Dhanesh Kizhakkinan of FireEye, Inc. |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0038 | Bo Qu of Palo Alto Networks |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0039 | Jihui Lu of KeenTeam (@K33nTeam) |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0040 | SkyLined, working with HP’s Zero Day Initiative |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0041 | 0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0041 | An anonymous researcher, working with HP’s Zero Day Initiative |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0041 | Li Kemeng of Baidu Anti-virus Team |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0042 | Omair working with HP’s Zero Day Initiative |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0043 | Omair working with HP’s Zero Day Initiative |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0044 | ca0nguyen, working with HP’s Zero Day Initiative |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0045 | ca0nguyen, working with HP’s Zero Day Initiative |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0045 | Bo Qu of Palo Alto Networks |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0046 | Stephen Fewer of Harmony Security, working with HP’s Zero Day Initiative |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0048 | SkyLined |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0049 | SkyLined |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0050 | SkyLined |
MS15-009 | Internet Explorer ASLR Bypass Vulnerability | CVE-2015-0051 | SkyLined |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0052 | SkyLined |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0053 | SkyLined, working with HP’s Zero Day Initiative |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0053 | Tao Qiu of Huawei's IT Infrastructure & Security Dept, BP & IT |
MS15-009 | Internet Explorer Elevation of Privilege Vulnerability | CVE-2015-0055 | James Forshaw of Google Project Zero |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0066 | Edward Torkington of NCC Group |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0066 | Jihui Lu of KeenTeam (@K33nTeam) |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0067 | Peter Vreugdenhil of exodusintel.com |
MS15-009 | Internet Explorer Memory Corruption Vulnerability | CVE-2015-0068 | Bo Qu of Palo Alto Networks |
MS15-009 | Internet Explorer ASLR Bypass Vulnerability | CVE-2015-0069 | Jack Tang of Trend Micro |
MS15-009 | Internet Explorer ASLR Bypass Vulnerability | CVE-2015-0071 | The Labs Team of iSIGHT Partners |
MS15-009 | Internet Explorer ASLR Bypass Vulnerability | CVE-2015-0071 | Clement Lecigne of Google Inc. |
January 2015 | |||
MS15-008 | WebDAV Elevation of Privilege Vulnerability | CVE-2015-0011 | James Forshaw of Google Project Zero |
MS15-006 | Windows Error Reporting Security Feature Bypass Vulnerability | CVE-2015-0001 | Alex Ionescu of Winsider Seminars & Solutions Inc. and CrowdStrike Inc. |
MS15-005 | NLA Security Feature Bypass Vulnerability | CVE-2015-0006 | Jonas Vestberg of Sentor |
MS15-004 | Directory Traversal Elevation of Privilege Vulnerability | CVE-2015-0016 | Liam O’Murchu of Symantec |
MS15-002 | Windows Telnet Service Buffer Overflow Vulnerability | CVE-2015-0014 | Daiyuu Nobori and Christopher Hiroshi Higuchi SMITH of the University of Tsukuba |