Microsoft Vulnerabilities

MS16-054 – Critical: Security Update for Microsoft Office (3155544) – Version:...

Multiple Microsoft Office Memory Corruption Vulnerabilities

Multiple remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.

An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.
If the current user is logged on with administrative user rights, an attacker could take control of the affected system.

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software.
In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file.
In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities.

An attacker would have no way to force users to visit the website.
Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince them to open the specially crafted file.

The security update addresses the vulnerabilities by correcting how Office handles objects in memory. Note that where the severity is indicated as Critical in the Affected Software and Vulnerability Severity Ratings table, the Preview Pane is an attack vector for CVE-2016-0198.

The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.

The following tables contain links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

| Vulnerability title | CVE number | Publicly disclosed | Exploited |
|---|---|---|---|
| Microsoft Office Memory Corruption Vulnerability | CVE-2016-0126 | No | No |
| Microsoft Office Memory Corruption Vulnerability | CVE-2016-0140 | No | No |
| Microsoft Office Memory Corruption Vulnerability | CVE-2016-0198 | No | No |

Mitigating Factors

Microsoft has not identified any mitigating factors for these vulnerabilities.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

Microsoft Office Graphics RCE Vulnerability - CVE-2016-0183

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts.

An attacker who successfully exploited this vulnerability could take control of the affected system.

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability, and then convince a user to view the website.

An attacker would have no way to force a user to view the attacker-controlled content.
Instead, an attacker would have to convince a user to take action, typically by getting the user to click a link in an email or in an Instant Messenger message that takes the user to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerability, and then convince a user to open the document file. Note that where the severity is indicated as Critical in the Affected Software and Vulnerability Severity Ratings table, the Preview Pane is an attack vector for CVE-2016-0183.

The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.

The following tables contain links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

| Vulnerability title | CVE number | Publicly disclosed | Exploited |
|---|---|---|---|
| Microsoft Office Graphics RCE Vulnerability | CVE-2016-0183 | No | No |

Mitigating Factors

Microsoft has not identified any mitigating factors for these vulnerabilities.

Workarounds

The following workarounds may be helpful in your situation:

Workaround for CVE-2016-0183

Use Microsoft Office File Block policy to prevent Office from opening RTF documents from unknown or untrusted sources

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

For Office 2007

1. Run regedit.exe as Administrator and navigate to the following subkey:
   [HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock]
2. Set the RtfFiles DWORD value to 1.

Note To use 'FileOpenBlock' with Office 2007, all of the latest Office 2007 security updates as of May 2007 must be applied.

For Office 2010

1. Run regedit.exe as Administrator and navigate to the following subkey:
   [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\FileBlock]
2. Set the RtfFiles DWORD value to 2.
3. Set the OpenInProtectedView DWORD value to 0.

For Office 2013

1. Run regedit.exe as Administrator and navigate to the following subkey:
   [HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Security\FileBlock]
2. Set the RtfFiles DWORD value to 2.
3. Set the OpenInProtectedView DWORD value to 0.

Impact of Workaround. Users who have configured the File Block policy and have not configured a special “exempt directory” as discussed in Microsoft Knowledge Base Article 922849 will be unable to open documents saved in the RTF format.

How to undo the workaround

For Office 2007

1. Run regedit.exe as Administrator and navigate to the following subkey:
   [HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock]
2. Set the RtfFiles DWORD value to 0.

For Office 2010

1. Run regedit.exe as Administrator and navigate to the following subkey:
   [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\FileBlock]
2. Set the RtfFiles DWORD value to 0.
3. Leave the OpenInProtectedView DWORD value set to 0.

For Office 2013

1. Run regedit.exe as Administrator and navigate to the following subkey:
   [HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Security\FileBlock]
2. Set the RtfFiles DWORD value to 0.
3. Leave the OpenInProtectedView DWORD value set to 0.

Prevent Word from loading RTF files

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Interactive managed script method

For Word 2007

1. Click Start, click Run, in the Open box, type regedit, and then click OK.
2. Locate and then click the following registry subkey:
   HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock
   Note that if the FileOpenBlock subkey does not exist, you must create it. To do this, follow these steps:
   a. Select the Security subkey.
   b. On the Edit menu, point to New, and then click Key.
   c. Type FileOpenBlock, and then press Enter.
3. After you select the FileOpenBlock subkey, locate the DWORD value RtfFiles.
   Note that if the FileOpenBlock subkey does not exist, you must create it. To do this, follow these steps:
4. Right-click RtfFiles and then click Modify.
5. In the Value data box, type 1, and then click OK.
6. On the File menu, click Exit to exit Registry Editor.

Managed deployment script method

For Word 2007

1. Save the following to a file with a .reg extension (for example, Disable_RTF_In_Word.reg):

   Windows Registry Editor Version 5.00

   [HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock]
   "RtfFiles"=dword:00000001

2. Run the above registry script created in step 1 on the target machine with the following command from an administrator command prompt:

   regedit /s Disable_RTF_In_Word.reg

Note RTF files will not be readable by Word.

MS16-133 – Important: Security Update for Microsoft Office (3199168) – Version:...

Microsoft Office Information Disclosure Vulnerability – CVE-2016-7233

An information disclosure vulnerability exists when Office or Word reads out of bound memory due to an uninitialized variable which could disclose the contents of memory.

An attacker who successfully exploited the vulnerability could view out of bounds memory. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. The security update addresses the vulnerability by properly initializing the variable.

The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

| Vulnerability title | CVE number | Publicly disclosed | Exploited |
|---|---|---|---|
| Microsoft Office Information Disclosure Vulnerability | CVE-2016-7233 | No | No |

Mitigating Factors

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

Multiple Microsoft Office Memory Corruption Vulnerabilities

Multiple remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.

An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.
If the current user is logged on with administrative user rights, an attacker could take control of the affected system.

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software.
In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file.
In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities.

An attacker would have no way to force users to visit the website.
Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for these vulnerabilities.

The security update addresses the vulnerabilities by correcting how Office handles objects in memory.

The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

| Vulnerability title | CVE number | Publicly disclosed | Exploited |
|---|---|---|---|
| Microsoft Office Memory Corruption Vulnerability | CVE-2016-7213 | No | No |
| Microsoft Office Memory Corruption Vulnerability | CVE-2016-7228 | No | No |
| Microsoft Office Memory Corruption Vulnerability | CVE-2016-7229 | No | No |
| Microsoft Office Memory Corruption Vulnerability | CVE-2016-7230 | No | No |
| Microsoft Office Memory Corruption Vulnerability | CVE-2016-7231 | No | No |
| Microsoft Office Memory Corruption Vulnerability | CVE-2016-7232 | No | No |
| Microsoft Office Memory Corruption Vulnerability | CVE-2016-7234 | No | No |
| Microsoft Office Memory Corruption Vulnerability | CVE-2016-7235 | No | No |
| Microsoft Office Memory Corruption Vulnerability | CVE-2016-7236 | No | No |
| Microsoft Office Memory Corruption Vulnerability | CVE-2016-7245 | No | No |

Mitigating Factors

Microsoft has not identified any mitigating factors for these vulnerabilities.

Workarounds

Microsoft has not identified any workarounds for these vulnerabilities.

Microsoft Office Denial of Service Vulnerability – CVE-2016-7244

A denial of service vulnerability exists when a specially crafted file is opened in Microsoft Office.

An attacker who successfully exploited the vulnerability could cause Office to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate their user rights. For an attack to be successful, this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office.
In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user and by convincing the user to open the file. The update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.

The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

| Vulnerability title | CVE number | Publicly disclosed | Exploited |
|---|---|---|---|
| Microsoft Office Denial of Service Vulnerability | CVE-2016-7244 | No | No |

Mitigating Factors

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

Update Rollup of Revoked Non-Compliant UEFI Modules – Version: 1.0

Revision Note: V1.0 (May 13, 2014): Advisory published.

Summary: With this advisory, Microsoft is revoking the digital signature for four private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure B...

Update For Minimum Certificate Key Length – Version: 2.0

Revision Note: V2.0 (October 9, 2012): Revised advisory to rerelease the KB2661254 update for Windows XP and to announce that the KB2661254 update for all supported releases of Microsoft Windows is now offered through automatic updating. Customers who ...

3109853 – Update to Improve TLS Session Resumption Interoperability – Version:...

Revision Note: V1.0 (January 12, 2016): Advisory published.

Summary: Microsoft is announcing the availability of an update to improve interoperability between Schannel-based TLS clients and 3rd-party TLS servers that enable RFC5077-based resumption and ...

MS16-147 – Critical: Security Update for Microsoft Uniscribe (3204063) – Version:...

The following software versions or editions are affected.
Versions or editions that are not listed are either past their support life cycle or are not affected.

To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.

The severity ratings indicated for each affected software assume the potential maximum impact of the vulnerability.

For information regarding the likelihood, within 30 days of this security bulletin’s release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the December bulletin summary.

Note Please see the Security Update Guide for a new approach to consuming the security update information. You can customize your views and create affected software spreadsheets, as well as download data via a restful API.

For more information, please see the Security Updates Guide FAQ.

As a reminder, the Security Updates Guide will be replacing security bulletins as of February 2017. Please see our blog post, Furthering our commitment to security updates, for more details.

[1] Beginning with the October 2016 release, Microsoft has changed the update servicing model for Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2.

For more information, please see this Microsoft TechNet article.

[2] Windows 10 and Windows Server 2016 updates are cumulative.

The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates.

The updates are available via the Microsoft Update Catalog. Please note that effective December 13, 2016, Windows 10 and Windows Server 2016 details for the Cumulative Updates will be documented in Release Notes. Please refer to the Release Notes for OS Build numbers, Known Issues, and affected file list information.

*The Updates Replaced column shows only the latest update in any chain of superseded updates.

For a comprehensive list of updates replaced, go to the Microsoft Update Catalog, search for the update KB number, and then view update details (updates replaced information is provided on the Package Details tab).

Note The vulnerability discussed in this bulletin affects Windows Server 2016 Technical Preview 5.

Although an update is available for Windows Server 2016 Technical Preview 5 via Windows Update, Microsoft recommends that customers upgrade to Windows Server 2016 at their earliest convenience.

Update Rollup of Revoked Non-Compliant UEFI Modules – Version: 1.1

Revision Note: V1.1 (June 10, 2014): Advisory revised to announce a detection change for the update rollup (updates 2920189 and 2961908). This is a detection change only. There were no changes to the update files. Customers who have already successfull...

Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure – Version: 1.0

Revision Note: V1.0 (August 4, 2013): Advisory published.

Summary: Microsoft is aware of a public report that describes a known weakness in the Wi-Fi authentication protocol known as PEAP-MS-CHAPv2 (Protected Extensible Authentication Protocol with Micr...

MS15-SEP – Microsoft Security Bulletin Summary for September 2015 – Version:...

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Use this table to learn about the likelihood of code execution and denial of service exploits within 30 days of security bulletin release, for each of the security updates that you may need to install. Review each of the assessments below, in accordance with your specific configuration, to prioritize your deployment of this month's updates. For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index.

In the columns below, "Latest Software Release" refers to the subject software, and "Older Software Releases" refers to all older, supported releases of the subject software, as listed in the "Affected Software" and "Non-Affected Software" tables in the bulletin.

| Bulletin ID | Vulnerability Title | CVE ID | Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment |
|---|---|---|---|---|---|
| MS15-094 | Information Disclosure Vulnerability | CVE-2015-2483 | 2 - Exploitation Less Likely | 2 - Exploitation Less Likely | Not Applicable |
| MS15-094 | Tampering Vulnerability | CVE-2015-2484 | 2 - Exploitation Less Likely | 2 - Exploitation Less Likely | Not Applicable |
| MS15-094 | Memory Corruption Vulnerability | CVE-2015-2485 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-094 | Memory Corruption Vulnerability | CVE-2015-2486 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-094 | Memory Corruption Vulnerability | CVE-2015-2487 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-094 | Elevation of Privilege Vulnerability | CVE-2015-2489 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-094 | Memory Corruption Vulnerability | CVE-2015-2490 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-094 | Memory Corruption Vulnerability | CVE-2015-2491 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-094 | Memory Corruption Vulnerability | CVE-2015-2492 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-094 | Scripting Engine Memory Corruption Vulnerability | CVE-2015-2493 | 4 - Not Affected | 1 - Exploitation More Likely | Not Applicable |
| MS15-094 | Memory Corruption Vulnerability | CVE-2015-2494 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-094 | Information Disclosure Vulnerability | CVE-2015-2496 | 0 - Exploitation Detected | 0 - Exploitation Detected | Not Applicable |
| MS15-094 | Memory Corruption Vulnerability | CVE-2015-2498 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-094 | Memory Corruption Vulnerability | CVE-2015-2499 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-094 | Memory Corruption Vulnerability | CVE-2015-2500 | 4 - Not Affected | 1 - Exploitation More Likely | Not Applicable |
| MS15-094 | Memory Corruption Vulnerability | CVE-2015-2501 | 4 - Not Affected | 1 - Exploitation More Likely | Not Applicable |
| MS15-094 | Memory Corruption Vulnerability | CVE-2015-2541 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-094 | Memory Corruption Vulnerability | CVE-2015-2542 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-095 | Memory Corruption Vulnerability | CVE-2015-2485 | 1 - Exploitation More Likely | 4 - Not Affected | Not Applicable |
| MS15-095 | Memory Corruption Vulnerability | CVE-2015-2486 | 1 - Exploitation More Likely | 4 - Not Affected | Not Applicable |
| MS15-095 | Memory Corruption Vulnerability | CVE-2015-2494 | 1 - Exploitation More Likely | 4 - Not Affected | Not Applicable |
| MS15-095 | Memory Corruption Vulnerability | CVE-2015-2542 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-096 | Active Directory Denial of Service Vulnerability | CVE-2015-2535 | 4 - Not Affected | 3 - Exploitation Unlikely | Permanent |
| MS15-097 | OpenType Font Parsing Vulnerability | CVE-2015-2506 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Permanent |
| MS15-097 | Font Driver Elevation of Privilege Vulnerability | CVE-2015-2507 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-097 | Font Driver Elevation of Privilege Vulnerability | CVE-2015-2508 | 2 - Exploitation Less Likely | 4 - Not Affected | Temporary |
| MS15-097 | Graphics Component Buffer Overflow Vulnerability | CVE-2015-2510 | 2 - Exploitation Less Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-097 | Win32k Memory Corruption Elevation of Privilege Vulnerability | CVE-2015-2511 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-097 | Font Driver Elevation of Privilege Vulnerability | CVE-2015-2512 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-097 | Win32k Memory Corruption Elevation of Privilege Vulnerability | CVE-2015-2517 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Permanent |
| MS15-097 | Win32k Memory Corruption Elevation of Privilege Vulnerability | CVE-2015-2518 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Permanent |
| MS15-097 | Win32k Elevation of Privilege Vulnerability | CVE-2015-2527 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-097 | Kernel ASLR Bypass Vulnerability | CVE-2015-2529 | 2 - Exploitation Less Likely | 2 - Exploitation Less Likely | Not Applicable |
| MS15-097 | Win32k Memory Corruption Elevation of Privilege Vulnerability | CVE-2015-2546 | 1 - Exploitation More Likely | 0 - Exploitation Detected | Not Applicable |
| MS15-098 | Windows Journal RCE Vulnerability | CVE-2015-2513 | 3 - Exploitation Unlikely | 3 - Exploitation Unlikely | Not Applicable |
| MS15-098 | Windows Journal DoS Vulnerability | CVE-2015-2514 | 3 - Exploitation Unlikely | 3 - Exploitation Unlikely | Not Applicable |
| MS15-098 | Windows Journal DoS Vulnerability | CVE-2015-2516 | 3 - Exploitation Unlikely | 3 - Exploitation Unlikely | Not Applicable |
| MS15-098 | Windows Journal Integer Overflow RCE Vulnerability | CVE-2015-2519 | 3 - Exploitation Unlikely | 3 - Exploitation Unlikely | Not Applicable |
| MS15-098 | Windows Journal RCE Vulnerability | CVE-2015-2530 | 3 - Exploitation Unlikely | 3 - Exploitation Unlikely | Not Applicable |
| MS15-099 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-2520 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-099 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-2521 | 4 - Not Affected | 1 - Exploitation More Likely | Not Applicable |
| MS15-099 | Microsoft SharePoint XSS Spoofing Vulnerability | CVE-2015-2522 | 3 - Exploitation Unlikely | 4 - Not Affected | Not Applicable |
| MS15-099 | Microsoft Office Memory Corruption Vulnerability | CVE-2015-2523 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-099 | Microsoft Office Malformed EPS File Vulnerability | CVE-2015-2545 | 1 - Exploitation More Likely | 0 - Exploitation Detected | Not Applicable |
| MS15-100 | Windows Media Center RCE Vulnerability | CVE-2015-2509 | 2 - Exploitation Less Likely | 2 - Exploitation Less Likely | Not Applicable |
| MS15-101 | .NET Elevation of Privilege Vulnerability | CVE-2015-2504 | 2 - Exploitation Less Likely | 2 - Exploitation Less Likely | Not Applicable |
| MS15-101 | MVC Denial of Service Vulnerability | CVE-2015-2526 | 2 - Exploitation Less Likely | 2 - Exploitation Less Likely | Temporary |
| MS15-102 | Windows Task Management Elevation of Privilege Vulnerability | CVE-2015-2524 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-102 | Windows Task File Deletion Elevation of Privilege Vulnerability | CVE-2015-2525 | 4 - Not Affected | 1 - Exploitation More Likely | Not Applicable |
| MS15-102 | Windows Task Management Elevation of Privilege Vulnerability | CVE-2015-2528 | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |
| MS15-103 | Exchange Information Disclosure Vulnerability | CVE-2015-2505 | 3 - Exploitation Unlikely | 3 - Exploitation Unlikely | Not Applicable |
| MS15-103 | Exchange Spoofing Vulnerability | CVE-2015-2543 | 3 - Exploitation Unlikely | 3 - Exploitation Unlikely | Not Applicable |
| MS15-103 | Exchange Spoofing Vulnerability | CVE-2015-2544 | 3 - Exploitation Unlikely | 3 - Exploitation Unlikely | Not Applicable |
| MS15-104 | Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability | CVE-2015-2531 | 3 - Exploitation Unlikely | 3 - Exploitation Unlikely | Not Applicable |
| MS15-104 | Lync Server XSS Information Disclosure Vulnerability | CVE-2015-2532 | 4 - Not Affected | 3 - Exploitation Unlikely | Not Applicable |
| MS15-104 | Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability | CVE-2015-2536 | 3 - Exploitation Unlikely | 3 - Exploitation Unlikely | Not Applicable |
| MS15-105 | Hyper-V Security Feature Bypass Vulnerability | CVE-2015-2534 | 2 - Exploitation Less Likely | 2 - Exploitation Less Likely | Not Applicable |

2755801 – Update for Vulnerabilities in Adobe Flash Player in Internet...

Revision Note: V36.0 (January 27, 2015): Added the 3035034 update to the Current Update section.

Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows S...

2871997 – Update to Improve Credentials Protection and Management – Version:...

Revision Note: V3.0 (September 9, 2014): Rereleased advisory to announce the release of update 2982378 to provide additional protection for users’ credentials when logging into a Windows 7 or Windows Server 2008 R2 system. See Updates Related to this Advisory for details.

Summary: Microsoft is announcing the availability of updates for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 that improve credential protection and domain authentication controls to reduce credential theft.

2755801 – Update for Vulnerabilities in Adobe Flash Player in Internet...

Revision Note: V48.0 (October 13, 2015): Added the 3099406 update to the Current Update section.

Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows S...