MS14-029: Security update for Internet Explorer versions 6, 7, 8, 9, 10, and 11: May 13, 2014

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.INTRODUCTIONMicrosoft has released security bulletin MS14-029. Learn more about how to obtain the fixes included in this security bulletin:Fo...

MS14-029: Security update for Internet Explorer 11 for systems that do not have update 2919355 (for Windows 8.1 or Windows Server 2012 R2) or update 2929437 (for Windows 7 SP1 or Windows Server 2008 R2 SP1) installed: May 13, 2014

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.INTRODUCTION Microsoft has released security bulletin MS14-029. Learn more about how to obtain the fixes included in this security bulletin:F...

MS14-021: Security update for Internet Explorer: May 1, 2014

Resolves a vulnerability in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.The update that this article describes has been replaced by a newer update. We recommend that you install the most current cumulative securit...

Description of the security update for Internet Explorer: May 1, 2014

Resolves a vulnerability in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.INTRODUCTION Microsoft has released security bulletin MS14-021. Learn more about how to obtain the fixes that are included in this security...

MS14-017: Description of the security update for Word Web App: April 8, 2014

Resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Office.IntroductionThis update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted...

MS14-017: Description of the security update for Office 2013 and Office 2013 RT: April 8, 2014

Resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Office.IntroductionThis update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted...

MS14-017: Description of the security update for Word Automation Services in SharePoint Server 2010: April 8, 2014

Resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted file is opened in an affected version of Office.View products that this article applies to.IntroductionThis update resolves vulnerabilities in Microsoft Office that could allow remote code...

MS14-017: Description of the security update for Word 2010 Service Pack 1 and Service Pack 2: April 8, 2014

Resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Office.IntroductionThis update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted...

MS14-017: Description of the security update for Word 2010 Service Pack 1 and Service Pack 2: April 8, 2014

Resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Office.IntroductionThis update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted...

MS14-017: Description of the security update for Office Web Apps Server 2013: April 8, 2014

Resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Office.IntroductionThis update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted...

MS14-017: Vulnerabilities in Microsoft Word and Office Web Apps could allow remote code execution: April 8, 2014

Resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Office.IntroductionThis update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted...

MS14-012: Cumulative security update for Internet Explorer: March 11, 2014

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage in Internet Explorer.The update that this article describes has been replaced by a newer update. We recommend that you install the most current cumulative security upda...

MS14-016: Vulnerability in Security Account Manager Remote (SAMR) protocol could allow security feature bypass: March 11, 2014

Resolves a vulnerability in Windows that could allow a security feature bypass if an attacker makes multiple attempts to match passwords to a username.IntroductionThis update resolves a vulnerability in Windows that could allow a security feature bypass if an attacker makes multiple attempts to...

MS14-011: Description of the security update for Visual Basic Scripting Edition (VBScript) 5.8: February 11, 2014

Addresses a vulnerability by changing how the VBScript scripting engine handles objects in memory.INTRODUCTIONMicrosoft has released security bulletin MS14-011. To view the complete security bulletin, go to one of the following Microsoft websites: Home...

MS14-009: Vulnerabilities in the .NET Framework could allow elevation of privilege: February 11, 2014

Resolves vulnerabilities that could allow elevation of privilege if a user visits a specially crafted website or a website that contains specially crafted web content.View products that this article applies to.IntroductionThis update resolves vulnerabilities that could allow elevation of privileg...

MS14-001: Description of the security update for Office Web Apps Server 2013: January 14, 2014

Resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word or other affected Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user right...

MS14-003: Vulnerability in Windows kernel-mode drivers could allow elevation of privilege: January 14, 2014

Resolves a vulnerability in Windows that could allow elevation of privilege if a user logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.INTRODUCTIONMicrosoft has released securi...

MS14-001: Description of the security update for Word Automation Services in SharePoint Server 2010: January 14, 2014

Resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word or other affected Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user right...

MS14-004: Vulnerability in Microsoft Dynamics AX could allow denial of service: January 14, 2014

Resolves a vulnerability in Microsoft Dynamics AX that could allow denial of service if an authenticated attacker submits specially crafted data to an affected Dynamics AX server. An attacker who successfully exploited this vulnerability could cause the target Dynamics AX server to stop respondin...

MS14-001: Description of the security update for Word 2013: January 14, 2014

Resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word or other affected Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user right...

MS14-001: Vulnerabilities in Microsoft Word and Office web apps could allow remote code execution: January 14, 2014

Resolves vulnerabilities in Microsoft Office that could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word or other affected Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user right...

MS13-099: Vulnerability in Microsoft Scripting Runtime Object Library could allow remote code execution: December 10, 2013

Resolves a vulnerability in Windows that could allow remote code execution if an attacker convinces a user to go to a specially crafted website or a website that hosts specially crafted content.INTRODUCTIONMicrosoft has released security bulletin MS13-099. To view the complete security bulletin, ...

MS13-096: Vulnerability in Microsoft Graphics component could allow remote code execution: December 10, 2013

Resolves a vulnerability in Microsoft Windows, Microsoft Office, and Microsoft Lync that could allow remote code execution if a user views content that contains specially crafted TIFF files.INTRODUCTIONMicrosoft has released security bulletin MS13-096. To view the complete security bulletin, visi...

MS13-105: Vulnerabilities in Microsoft Exchange Server could allow remote code execution: December 10, 2013

Resolves vulnerabilities in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. These vulnerabilities could allow remote code execution in the security context of the LocalService account if an attacker sends an email message that contains a specially...

MS13-103: Vulnerability in ASP.NET SignalR could allow elevation of privilege: December 10, 2013

Resolves a vulnerability in ASP.NET SignalR that could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to the browser of a targeted user.INTRODUCTIONMicrosoft has released security bulletin MS13-103. To view the complete security bulletin, visit one of the...

MS13-100: Description of the security update for SharePoint Server 2013 (coreserverloc): December 10, 2013

The security update addresses the vulnerabilities by correcting how SharePoint server sanitizes specially crafted page content.INTRODUCTIONMicrosoft has released security bulletin MS13-100. To view the complete security bulletin, visit one of the following Microsoft websites: Home...

MS13-100: Description of the security update for Office Web Apps Server: December 10, 2013

The security update addresses the vulnerabilities by correcting how SharePoint server sanitizes specially crafted page content.INTRODUCTIONMicrosoft has released security bulletin MS13-100. To view the complete security bulletin, visit one of the following Microsoft websites: Home...

MS13-100: Vulnerabilities in Microsoft SharePoint Server could allow remote code execution: December 10, 2013

The security update addresses the vulnerabilities by correcting how SharePoint Server sanitizes specially crafted page content.INTRODUCTIONMicrosoft has released security bulletin MS13-100. To view the complete security bulletin, visit one of the following Microsoft websites: Home...

MS13-097: Cumulative security update for Internet Explorer: December 10, 2013

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.The update that this article describes has been replaced by a newer update. We recommend that you install the most current cumulative securit...

MS13-106: Vulnerability in a Microsoft Office shared component could allow security feature bypass: December 10, 2013

This security update addresses the vulnerability by helping to make sure that the Microsoft Office shared component correctly implements address space layout randomization ASLR.INTRODUCTIONMicrosoft has released security bulletin MS13-106. To view the complete security bulletin, visit one of the...

MS13-104: Vulnerability in Microsoft Office could allow information disclosure: December 10, 2013

Describes a security update that addresses a vulnerability by helping to make sure that Microsoft Office software correctly handles specially crafted responses from websites.INTRODUCTIONMicrosoft has released security bulletin MS13-104. To view the complete security bulletin, go to one of the...

MS13-091: Vulnerabilities in Microsoft Office could allow remote code execution: November 12, 2013

Describes a security update that addresses vulnerabilities by correcting how Office parses specially crafted files and how the XML parser that is used by Word resolves external entities in a specially crafted file.INTRODUCTIONMicrosoft has released security bulletin MS13-091. To view the complete...

MS13-088: Cumulative security update for Internet Explorer: November 12, 2013

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.The update that this article describes has been replaced by a newer update. We recommend that you install the most current cumulative securit...

MS13-094: Vulnerability in Outlook could allow information disclosure: November 12, 2013

Resolves a security vulnerability in Microsoft Outlook that could allow information disclosure when a specially crafted email message is opened or previewed.IntroductionThis update resolves a security vulnerability in Microsoft Outlook that could allow information disclosure when a specially...

MS13-085: Description of the security update for Microsoft Excel 2013: October 8, 2013

This security update addresses the vulnerabilities by correcting how Microsoft Excel and other affected Microsoft software validates data when parsing specially crafted Office files.INTRODUCTIONMicrosoft has released security bulletin MS13-085. To view the complete security bulletin, visit one of...

MS13-084: Vulnerabilities in Microsoft SharePoint Server could allow remote code execution: October 8, 2013

This security update addresses the vulnerabilities by correcting how affected Microsoft software validates data when parsing specially crafted Office files and by changing configuration of SharePoint pages to help provide additional protection against clickjacking attacks.INTRODUCTIONMicrosoft ha...

MS13-085: Description of the security update for Microsoft Office 2010 (Oart.dll): October 8, 2013

Describes a security update that addresses vulnerabilities by correcting how Microsoft Excel and other affected Microsoft software validate data when they parse specially crafted Office files.INTRODUCTIONMicrosoft has released security bulletin MS13-085. To view the complete security bulletin, go...

MS13-084: Description of the security update for Word Online: October 8, 2013

This security update addresses the vulnerabilities by correcting how affected Microsoft software validates data when parsing specially crafted Office files and by changing configuration of SharePoint pages to help provide additional protection against clickjacking attacks.INTRODUCTIONMicrosoft ha...

MS13-084: Description of the security update for Office Web Apps Server 2013: October 8, 2013

This security update corrects the way affected Microsoft software validates data when parsing specially crafted Office files. It also changes the configuration of SharePoint pages to provide additional protection against click-jacking attacks.INTRODUCTIONMicrosoft has released security bulletin...

MS13-081: Vulnerabilities in Windows kernel-mode drivers could allow remote code execution: October 8, 2013

Resolves vulnerabilities in Windows that could allow remote code execution if a user views shared content that embeds OpenType or TrueType font files. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.INTRODUCTIONMicrosoft has released...

MS13-080: Description of the security update for Internet Explorer 11 in Windows 8.1 and Windows Server 2012 R2: October 8, 2013

Resolves vulnerabilities in Internet Explorer 11 that could allow remote code execution if a user views a specially crafted webpage in Internet Explorer.INTRODUCTIONMicrosoft has released security bulletin MS13-080. To view the complete security bulletin, go to one of the following Microsoft...

MS13-082: Vulnerabilities in the .NET Framework could allow remote code execution: October 8, 2013

Resolves vulnerabilities in the Microsoft .NET Framework that could allow remote code execution or denial of service.View products that this article applies to.IntroductionThis update resolves vulnerabilities in the Microsoft .NET Framework that could allow remote code execution or denial of...

MS13-084: Description of the security update for Excel Web App: October 8, 2013

Describes a security update that addresses vulnerabilities by correcting how affected Microsoft software validates data when the software parses specially crafted Office files and by changing the configuration of SharePoint pages to help provide additional protection against clickjacking...

MS13-085: Vulnerabilities in Microsoft Excel could allow remote code execution: October 8, 2013

Describes a security update that addresses vulnerabilities by correcting how Microsoft Excel and other affected Microsoft software validate data when they parse specially crafted Office files.INTRODUCTIONMicrosoft has released security bulletin MS13-085. To view the complete security bulletin, go...

MS13-084: Description of the security update for Excel Services in SharePoint Server 2013: October 8, 2013

Describes a security update that addresses vulnerabilities by correcting how affected Microsoft software validates data when the software parses specially crafted Office files and by changing the configuration of SharePoint pages to help provide additional protection against clickjacking...

MS13-084: Description of the security update for Excel Services in Microsoft SharePoint Server 2010: October 8, 2013

This security update addresses the vulnerabilities by correcting how affected Microsoft software validates data when parsing specially crafted Office files and by changing configuration of SharePoint pages to help provide additional protection against clickjacking attacks.INTRODUCTIONMicrosoft ha...

MS13-084: Description of the security update for Word Automation Services in SharePoint Server 2010: October 8, 2013

Describes a security update that addresses vulnerabilities by correcting how affected Microsoft software validates data when the software parses specially crafted Office files and by changing the configuration of SharePoint pages to help provide additional protection against clickjacking...

MS13-067: Description of the security update for Excel Services in SharePoint Server 2010: September 10, 2013

Resolves vulnerabilities in Microsoft Office server software that could allow remote code execution in the context of the W3wp.exe process service account.IntroductionThis security update resolves vulnerabilities in Microsoft Office server software that could allow remote code execution in the...

MS13-074: Vulnerabilities in Microsoft Access could allow remote code execution: September 10, 2013

Resolves security vulnerabilities in Microsoft Access that could allow remote code execution when a specially crafted Access file is opened.IntroductionThis update resolves security vulnerabilities in Microsoft Access that could allow remote code execution when a specially crafted Access file is...

MS13-067: Vulnerabilities in Microsoft SharePoint Server could allow remote code execution: September 10, 2013

Resolves vulnerabilities in Microsoft Office Server software that could allow remote code execution in the context of the W3WP service account.View products that this article applies to.IntroductionThis security update resolves vulnerabilities in Microsoft Office Server software that could allow...