Latest Security Advisories & Notable Vulnerabilities
This security update addresses one publicly and three privately disclosed vulnerabilities in Microsoft .NET Framework. The most dangerous of these may lead to elevation of privilege if a potential attacker sends a maliciously crafted web request to the target. Successful exploitation could also lead to execution of arbitrary commands using an existing account on the ASP.NET site. To do this, an attacker must be registered to an account on the ASP.NET site and use an existing user credential.
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to scripting.
A vulnerability in a Microsoft Windows component may allow an attacker to execute code on the vulnerable machine. The vulnerability exists in the Win32k TrueType font parsing engine.
Once successfully exploited, this vulnerability can allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is purportedly related to DUQU malware. Note that the following operating systems' Server Core installations are not affected by this vulnerability:
This page will be updated as soon as new information is available.
Microsoft addresses the following vulnerabilities in its November batch of patches:
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system.
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file.
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file.
This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS).
Microsoft addresses the following vulnerabilities in its October batch of patches:
Microsoft addresses the following vulnerabilities in its September batch of patches:
Microsoft addresses the following vulnerabilities in its August batch of patches: