MS14-057: Vulnerabilities in the .NET Framework could allow remote code execution: October 14, 2014

Resolves vulnerabilities that could allow elevation of privilege, remote code execution, or bypass the Address Space Layout Randomization ASLR security feature.View products that this article applies to.IntroductionThis security update resolves the following:The vulnerabilities that could allow...

MS14-059: Vulnerability in ASP.NET MVC could allow security feature bypass: October 14, 2014

Describes a security update that resolves a vulnerability in ASP.NET MVC that could allow security feature bypass if an attacker convinces a user to click a specially crafted link or to go to a webpage that contains specially crafted content.View products that this article applies...

MS14-061: Description of the security update for Microsoft Word 2010: October 14, 2014

This security update resolves a vulnerability in Microsoft Word that could allow remote code execution if an attacker convinces a user to open a specially crafted Microsoft Office file.INTRODUCTIONMicrosoft has released security bulletin MS14-061. To learn more about this security bulletin:Home...

MS14-061: Description of the security update for Microsoft SharePoint Server 2010: October 14, 2014

This security update resolves a vulnerability in Microsoft Word that could allow remote code execution if an attacker convinces a user to open a specially crafted Microsoft Office file.INTRODUCTIONMicrosoft has released security bulletin MS14-061. To learn more about this security bulletin: Home...

MS14-061: Description of the security update for Microsoft Office Web Apps Server 2010: October 14, 2014

This security update resolves a vulnerability in Microsoft Word that could allow remote code execution if an attacker convinces a user to open a specially crafted Microsoft Office file.INTRODUCTIONMicrosoft has released security bulletin MS14-061. To learn more about this security bulletin: Home...

MS14-053: Vulnerability in the .NET Framework could allow denial of service: September 9, 2014

Resolves a vulnerability in the .NET Framework that could allow denial of service if an attacker sends a few specially crafted requests to an affected .NET-enabled website.View products that this article applies to.IntroductionThis update resolves a vulnerability in the Microsoft .NET Framework...

MS14-044: Vulnerabilities in SQL Server could allow elevation of privilege: August 12, 2014

Resolves vulnerabilities in SQL Server that could allow elevation of privilege if a user goes to a specially crafted website that injects a client-side script into the user's instance of Internet Explorer.INTRODUCTIONMicrosoft has released security bulletin MS14-044. To learn more about this...

MS14-049: Vulnerability in Windows installer service could allow elevation of privilege: August 12, 2014

Resolves a vulnerability in Windows that could allow elevation of privilege if an attacker runs a specially crafted application that tries to repair a previously installed application.INTRODUCTIONMicrosoft has released security bulletin MS14-049. To learn more about this security bulletin:Home...

MS14-045: Vulnerabilities in kernel-mode drivers could allow elevation of privilege: August 12, 2014

Resolves vulnerabilities in Windows that could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.INTRODUCTIONMicrosoft has released security bulletin MS14-045. To learn more about this security bulletin:Home...

MS14-050: Description of the security update for SharePoint Services: August 12, 2014

Resolves a vulnerability in Microsoft SharePoint Services. An authenticated attacker who successfully exploited this vulnerability could use a specially crafted app to run arbitrary code in the security context of the logged-on user.INTRODUCTIONMicrosoft has released security bulletin MS14-050. T...

MS14-046: Vulnerability in the .NET Framework could allow security feature bypass: August 12, 2014

Resolves a vulnerability in the Microsoft .NET Framework that could bypass the Address Space Layout Randomization ASLR security feature if a user goes to a specially crafted website.View products that this article applies to.IntroductionThis update resolves a vulnerability in the Microsoft .NET...

MS14-050: Vulnerability in Microsoft SharePoint Server could allow elevation of privilege: August 12, 2014

Resolves a vulnerability in Microsoft SharePoint Services. An authenticated attacker who successfully exploits this vulnerability could use a specially crafted app to run arbitrary code in the security context of the logged-on user.INTRODUCTIONMicrosoft has released security bulletin MS14-050. To...

MS14-038: Vulnerability in Windows journal could allow remote code execution: July 8, 2014

Resolves a vulnerability in Windows that could allow remote code execution if a user opens a specially crafted journal file. An attacker would be unable to force users to go to a specially crafted website.INTRODUCTIONMicrosoft has released security bulletin MS14-038. To learn more about this...

MS14-037: Security update for Internet Explorer 11 for systems that do not have update 2919355 or update 2929437 installed: July 8, 2014

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.INTRODUCTIONThe security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory, validate...

MS14-038: Description of the security update for Windows-based systems that don't have update 2919355 installed: July 8, 2014

Resolves a vulnerability in Windows that could allow remote code execution if a user opens a specially crafted Journal file.INTRODUCTIONMicrosoft has released security bulletin MS14-038. To learn more about this security bulletin: Home...

MS14-037: Security update for Internet Explorer versions 6, 7, 8, 9, 10, and 11: July 8, 2014

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.IntroductionThe security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory, validate...

MS14-037: Cumulative security update for Internet Explorer: July 8, 2014

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.The update that this article describes has been replaced by a newer update. We recommend that you install the most current cumulative securit...

MS14-041: Vulnerability in DirectShow could allow elevation of privilege: July 8, 2014

Resolves a vulnerability in Microsoft Windows that could allow elevation of privilege if an attacker first exploits another vulnerability in a low-integrity process and then uses this vulnerability to execute specially crafted code in the context of the logged-on user.INTRODUCTIONMicrosoft has...

MS14-039: Vulnerability in the on-screen keyboard could allow elevation of privilege: July 8, 2014

Resolves a vulnerability in Windows that could allow elevation of privilege if an attacker uses a vulnerability in a low-integrity process to execute the on-screen keyboard OSK and upload a specially crafted program to the target system.INTRODUCTIONMicrosoft has released security bulletin MS14-03...

MS14-040: Vulnerability in ancillary function driver could allow elevation of privilege: July 8, 2014

Resolves a vulnerability in Windows that could allow elevation of privilege an attacker logs on to a system and runs a specially crafted application.INTRODUCTIONMicrosoft has released security bulletin MS14-040. To learn more about this security bulletin: Home...

Support has ended for Office 2003

Support has ended for Office 2003 Last updated 2014-10-28Support for Office 2003 has ended. All of your Office 2003 apps will continue to function. However, you could expose yourself to serious and potentially harmful security risks. Upgrade to a newer version of Office so you can stay up to date...

Support has ended for Office 2003

Support has ended for Office 2003 Last updated 2014-10-28Support for Office 2003 has ended. All of your Office 2003 apps will continue to function. However, you could expose yourself to serious and potentially harmful security risks. Upgrade to a newer version of Office so you can stay up to date...

MS09-054: Cumulative security update for Internet Explorer

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted Web page by using Internet Explorer.The update that this article describes has been replaced by a newer update. To resolve this problem, install the most current cumulative...

MS10-002: Cumulative security update for Internet Explorer

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.The update that this article describes has been replaced by a newer update. To resolve this problem, install the most current cumulative securi...

MS11-002: Vulnerabilities in Microsoft Data Access Components could allow remote code execution

Resolves vulnerabilities in Microsoft Data Access Components that could allow remote code execution if a user views a specially crafted webpage.Support for Windows Vista Service Pack 1 SP1 ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows...

MS10-087: Vulnerabilities in Microsoft Office could allow remote code execution

Description of the vulnerabilities in Microsoft Office could allow remote code execution.INTRODUCTIONMicrosoft has released security bulletin MS10-087. To view the complete security bulletin, visit one of the following Microsoft websites: Home...

MS10-090: Cumulative security update for Internet Explorer

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.The update that this article describes has been replaced by a newer update. To resolve this problem, install the most current cumulative securi...

MS10-103: Vulnerabilities in Microsoft Publisher could allow remote code execution

Describes the security update that fixes the vulnerabilities in Microsoft Publisher that could allow remote code execution.INTRODUCTIONMicrosoft has released security bulletin MS10-103. To view the complete security bulletin, visit one of the following Microsoft websites: Home...

MS10-035: Cumulative security update for Internet Explorer

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user uses Internet Explorer to view a specially crafted Web page.The update that this article describes has been replaced by a newer update. To resolve this problem, install the most current cumulative...

MS14-035: Security update for Internet Explorer 11 for systems that do not have update 2919355 or update 2929437 installed: June 10, 2014

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.IntroductionThis security update 2957689 resolves two publicly disclosed vulnerabilities and fifty-eight privately reported vulnerabilities i...

MS14-035: Cumulative security update for Internet Explorer: June 10, 2014

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.The update that this article describes has been replaced by a newer update. We recommend that you install the most current cumulative securit...

MS14-036: Description of the security update for Windows 8.1 and Windows Server 2012 R2: June 10, 2014

Resolves vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync that could allow remote code execution if a user opens a specially crafted file or webpage.IntroductionThis security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync that...

MS14-030: Vulnerability in Remote Desktop could allow tampering: June 10, 2014

Resolves a vulnerability in Windows that could allow tampering if an attacker gains access to the same network segment as the targeted system during an active RDP session and then sends specially crafted RDP packets to the targeted system.INTRODUCTIONMicrosoft has released security bulletin...

MS14-036: Description of the security update for Windows 8.1, Windows Server 2012 RT, Windows 8, and Windows Server 2012: June 10, 2014

Resolves vulnerabilities in Windows, Microsoft Office, and Microsoft Lync that could allow remote code execution if a user opens a specially crafted file or webpage.IntroductionThis security update resolves vulnerabilities in Windows, Microsoft Office, and Microsoft Lync that could allow remote...

MS14-031: Vulnerability in TCP protocol could allow denial of service: June 10, 2014

Resolves a vulnerability in Windows that could allow denial of service if an attacker sends a sequence of specially crafted packets to the target system.INTRODUCTIONMicrosoft has released security bulletin MS14-031. To learn more about this security bulletin: Home...

MS14-033: Vulnerability in Microsoft XML core services could allow information disclosure: June 10, 2014

Resolves a vulnerability in Windows that could allow information disclosure if a logged-on user accesses a specially crafted website that's designed to start Microsoft XML Core Services MSXML through Internet Explorer.INTRODUCTIONMicrosoft has released security bulletin MS14-033. To learn more...

MS14-036: Vulnerabilities in Microsoft graphics component could allow remote code execution: June 10, 2014

Resolves vulnerabilities in Windows, Microsoft Office, and Microsoft Lync that could allow remote code execution if a user opens a specially crafted file or webpage.INTRODUCTIONMicrosoft has released security bulletin MS14-036. To learn more about this security bulletin:Home...

MS14-023: Vulnerability in Microsoft Office could allow remote code execution

Resolves vulnerabilities in Microsoft Office that could allow remote code execution when an Office file that is located in the same network directory as a specially crafted library file is opened.View products that this article applies to.IntroductionThis update resolves vulnerabilities in...

MS14-022: Vulnerabilities in Microsoft SharePoint Server could allow remote code execution: May 13, 2014

This security update resolves multiple privately reported vulnerabilities in Microsoft Office server and productivity software. The most severe of these vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a target SharePoint...

MS14-026: Vulnerability in the .NET Framework could allow elevation of privilege: May 13, 2014

Resolves a vulnerability in the Microsoft .NET Framework that could allow elevation of privilege if an unauthenticated attacker sends specially crafted data to an affected workstation or server that has the .NET Framework Remoting feature enabled.View products that this article applies...

MS14-029: Security update for Internet Explorer 11 for systems that do not have update 2919355 (for Windows 8.1 or Windows Server 2012 R2) or update 2929437 (for Windows 7 SP1 or Windows Server 2008 R2 SP1) installed: May 13, 2014

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.INTRODUCTION Microsoft has released security bulletin MS14-029. Learn more about how to obtain the fixes included in this security bulletin:F...

MS14-028: Vulnerabilities in iSCSI could allow denial of service: May 13, 2014

Resolves vulnerabilities in Windows that could allow denial of service if an attacker sends large amounts of specially crafted iSCSI packets over the target network. This vulnerability affects only those servers for which the iSCSI target role is enabled.INTRODUCTIONMicrosoft has released securit...

MS14-022: Description of the security update for Office Web Apps Server 2013: May 13, 2014

Resolves vulnerabilities in Office Web Apps Server 2013 that could allow remote code execution if an authenticated attacker sends specially crafted page content to a target SharePoint Server.IntroductionThis update resolves vulnerabilities in Microsoft Office Web Apps Server 2013 that could allow...

MS14-029: Security update for Internet Explorer versions 6, 7, 8, 9, 10, and 11: May 13, 2014

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.INTRODUCTIONMicrosoft has released security bulletin MS14-029. Learn more about how to obtain the fixes included in this security bulletin:Fo...

MS14-022: Description of the security update for Web Applications 2010: May 13, 2014

Resolves vulnerabilities in Web Applications 2010 that could allow remote code execution if an authenticated attacker sends specially crafted page content to a target SharePoint server.IntroductionThis update resolves vulnerabilities in Web Applications 2010 that could allow remote code execution...

MS14-027: Description of the security update for Windows systems that do not have update 2919355 installed: May 13, 2014

Resolves a vulnerability in Windows that could allow elevation of privilege if an attacker runs a specially crafted application that uses ShellExecute.IntroductionThis security update resolves a vulnerability in Windows that could allow elevation of privilege if an attacker runs a specially craft...

MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege: May 13, 2014

Resolves a vulnerability in Windows that could allow elevation of privilege if Active Directory Group Policy Preferences extensions are used to distribute passwords across the domain. This practice could allow an attacker to retrieve and decrypt the password that is stored together with Group...

MS14-023: Description of the security update for Office 2013: May 13, 2014

Resolves vulnerabilities in Microsoft Office that could allow remote code execution when an Office file that is located in the same network directory as a specially crafted library file is opened.View products that this article applies to.IntroductionThis update resolves vulnerabilities in...

MS14-022: Description of the security update for SharePoint Server 2013: May 13, 2014

Resolves vulnerabilities in Microsoft Office server and productivity software that could allow remote code execution if an authenticated attacker sends specially crafted page content to a target SharePoint server.IntroductionThis update resolves vulnerabilities in Microsoft SharePoint Designer 20...

MS14-024: Vulnerability in a Microsoft common control could allow security feature bypass: May 13, 2014

Resolves a vulnerability in the MSCOMCTL common controls library that could allow security feature bypass if a user views a specially crafted webpage in a web browser, such as Internet Explorer, that can create instances of COM components.INTRODUCTIONMicrosoft has released security bulletin...