Acknowledgments – 2015

Microsoft extends thanks to the following for working with us to help protect customers.

Bulletin ID   

Vulnerability Title

CVE ID

Acknowledgment

December 2015

MS15-135

Windows Kernel Memory Elevation of Privilege Vulnerability

CVE-2015-6171

Nils Sommer of bytegeist, working with Google Project Zero

MS15-135

Windows Kernel Memory Elevation of Privilege Vulnerability

CVE-2015-6173

Nils Sommer of bytegeist, working with Google Project Zero

MS15-135

Windows Kernel Memory Elevation of Privilege Vulnerability

CVE-2015-6174

Nils Sommer of bytegeist, working with Google Project Zero

MS15-135

Windows Kernel Memory Elevation of Privilege Vulnerability

CVE-2015-6175

ChenDong Li of Tencent

MS15-134

Windows Media Center Information Disclosure Vulnerability

CVE-2015-6127

Francisco Falcon of Core Security

MS15-134

Media Center Library Parsing RCE Vulnerability

CVE-2015-6131

Zhang YunHai of NSFOCUS Security Team

MS15-134

Windows Library Loading Remote Code Execution Vulnerability

CVE-2015-6128

Steven Vittitoe of Google Project Zero

MS15-134

Windows Library Loading Remote Code Execution Vulnerability

CVE-2015-6128

Parvez Anwar

MS15-132

Windows Library Loading Remote Code Execution Vulnerability

CVE-2015-6132

Yorick Koster of Securify B.V.

MS15-132

Windows Library Loading Remote Code Execution Vulnerability

CVE-2015-6132

Steven Vittitoe of Google Project Zero

MS15-131

Microsoft Office Memory Corruption Vulnerability

CVE-2015-6040

Steven Vittitoe of Google Project Zero

MS15-131

Microsoft Office Memory Corruption Vulnerability

CVE-2015-6118

Kai Lu of Fortinet's FortiGuard Labs

MS15-131

Microsoft Office Memory Corruption Vulnerability

CVE-2015-6122

Steven Vittitoe of Google Project Zero

MS15-131

Microsoft Office RCE Vulnerability

CVE-2015-6172

Haifei Li

MS15-131

Microsoft Office Memory Corruption Vulnerability

CVE-2015-6177

Kai Lu of Fortinet's FortiGuard Labs

MS15-130

Windows Integer Underflow Vulnerability

CVE-2015-6130

Hossein Lotfi, Secunia Research (now part of Flexera Software)

MS15-129

Microsoft Silverlight Information Disclosure Vulnerability

CVE-2015-6165

Marcin 'Icewall' Noga of Cisco Talos

MS15-128

Graphics Memory Corruption Vulnerability

CVE-2015-6106

Steven Vittitoe of Google Project Zero

MS15-128

Graphics Memory Corruption Vulnerability

CVE-2015-6107

Steven Vittitoe of Google Project Zero

MS15-126

Scripting Engine Information Disclosure Vulnerability

CVE-2015-6135

Simon Zuckerbraun, working with HP’s Zero Day Initiative

MS15-126

Scripting Engine Memory Corruption Vulnerability

CVE-2015-6136

Simon Zuckerbraun, working with HP’s Zero Day Initiative

MS15-126

Scripting Engine Memory Corruption Vulnerability

CVE-2015-6136

An anonymous researcher, working with HP’s Zero Day Initiative

MS15-126

Scripting Engine Memory Corruption Vulnerability

CVE-2015-6136

Yuki Chen of Qihoo 360Vulcan Team

MS15-126

Scripting Engine Memory Corruption Vulnerability

CVE-2015-6137

Anonymous contributor, working with VeriSign iDefense Labs

MS15-125

Microsoft Browser Elevation of Privilege Vulnerability

CVE-2015-6139

Michal Bentkowski

MS15-125

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6140

Bo Qu of Palo Alto Networks

MS15-125

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6142

Simon Zuckerbraun, working with HP’s Zero Day Initiative

MS15-125

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6142

Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs

MS15-125

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6148

A3F2160DCA1BDE70DA1D99ED267D5DC1EC336192, working with HP’s Zero Day Initiative

MS15-125

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6151

Li Kemeng of Baidu Security Team(x-Team) , working with HP’s Zero Day Initiative

MS15-125

Microsoft Edge Memory Corruption Vulnerability

CVE-2015-6153

Shi Ji (@Puzzor) of VARAS@IIE

MS15-125

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6154

ChenDong Li and YunZe Ni of Tencent

MS15-125

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6155

Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs

MS15-125

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6158

Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs

MS15-125

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6159

Zheng Huang of the Baidu Scloud XTeam

MS15-125

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6159

Jason Kratzer, working with HP’s Zero Day Initiative

MS15-125

Microsoft Browser ASLR Bypass

CVE-2015-6161

Rh0

MS15-125

Microsoft Edge Memory Corruption Vulnerability

CVE-2015-6168

SkyLined, working with HP’s Zero Day Initiative

MS15-125

Microsoft Edge Spoofing Vulnerability

CVE-2015-6169

Stephan Brunner

MS15-125

Microsoft Edge Elevation of Privilege Vulnerability

CVE-2015-6170

Mario Heiderich of Cure53

MS15-125

Microsoft Edge XSS Filter Bypass Vulnerability

CVE-2015-6176

Masato Kinugawa

MS15-124

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6083

Hui Gao of Palo Alto Networks

MS15-124

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6083

B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative

MS15-124

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6134

SkyLined, working with HP’s Zero Day Initiative

MS15-124

Scripting Engine Information Disclosure Vulnerability

CVE-2015-6135

Simon Zuckerbraun, working with HP’s Zero Day Initiative

MS15-124

Scripting Engine Information Disclosure Vulnerability

CVE-2015-6136

Simon Zuckerbraun, working with HP’s Zero Day Initiative

MS15-124

Microsoft Browser Elevation of Privilege Vulnerability

CVE-2015-6139

Michal Bentkowski

MS15-124

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6140

Bo Qu of Palo Alto Networks

MS15-124

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6141

B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative

MS15-124

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6142

Simon Zuckerbraun, working with HP’s Zero Day Initiative

MS15-124

Microsoft Browser XSS Filter Bypass Vulnerability

CVE-2015-6144

Masato Kinugawa

MS15-124

Microsoft Browser XSS Filter Bypass Vulnerability

CVE-2015-6144

Filedescriptor

MS15-124

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6145

Cong Zhang and Yi Jiang, working with Beijing VRV Software Co., LTD.

MS15-124

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6146

Bo Qu of Palo Alto Networks

MS15-124

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6147

B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative

MS15-124

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6148

A3F2160DCA1BDE70DA1D99ED267D5DC1EC336192, working with HP’s Zero Day Initiative

MS15-124

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6149

B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative

MS15-124

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6150

B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative

MS15-124

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6151

Li Kemeng of Baidu Security Team(x-Team) , working with HP’s Zero Day Initiative

MS15-124

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6152

Moritz Jodeit of Blue Frost Security

MS15-124

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6153

Shi Ji (@Puzzor) of VARAS@IIE

MS15-124

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6154

ChenDong Li and YunZe Ni of Tencent

MS15-124

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6155

Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs

MS15-124

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6156

Anonymous contributor, working with VeriSign iDefense Labs

MS15-124

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6157

Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs

MS15-124

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6158

Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs

MS15-124

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6159

Zheng Huang of the Baidu Scloud XTeam

MS15-124

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6159

Jason Kratzer, working with HP’s Zero Day Initiative

MS15-124

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6160

Garage4Hackers, working with HP’s Zero Day Initiative

MS15-124

Internet Explorer ASLR Bypass

CVE-2015-6161

Rh0

MS15-124

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6162

Wenxiang Qian of TencentQQBrowser

November 2015

MS15-123

Server Input Validation Information Disclosure Vulnerability

CVE-2015-6061

Fatih Ozavci - Sense of Security

MS15-122

Windows Kerberos Security Feature Bypass

CVE-2015-6095

Ian Haken of Synopsys Inc.

MS15-119

Winsock Elevation of Privilege Vulnerability

CVE-2015-2478

Alex Ionescu of Winsider Seminars & Solutions Inc.

MS15-119

Winsock Elevation of Privilege Vulnerability

CVE-2015-2478

Thomas Faber, of CrowdStrike Inc.

MS15-118

.NET Elevation of Privilege Vulnerability

CVE-2015-6099

John Page aka hyp3rlinx

MS15-117

Windows NDIS Elevation of Privilege Vulnerability

CVE-2015-6098

Nils Sommer of bytegeist, working with Google Project Zero

MS15-116

Microsoft Office Memory Corruption Vulnerability

CVE-2015-6038

Steven Seeley of Source Incite, working with HP’s Zero Day Initiative

MS15-116

Microsoft Office Memory Corruption Vulnerability

CVE-2015-6091

Steven Vittitoe of Google Project Zero

MS15-116

Microsoft Office Memory Corruption Vulnerability

CVE-2015-6092

Steven Vittitoe of Google Project Zero

MS15-116

Microsoft Office Memory Corruption Vulnerability

CVE-2015-6093

SignalSEC Research, working with HP’s Zero Day Initiative

MS15-116

Microsoft Office Memory Corruption Vulnerability

CVE-2015-6094

Steven Seeley of Source Incite, working with HP’s Zero Day Initiative

MS15-116

Microsoft Outlook for Mac Spoofing Vulnerability

CVE-2015-6123

Mark Robbins Rebelmail

MS15-115

Windows Kernel Memory Elevation of Privilege Vulnerability

CVE-2015-6100

Nils Sommer of bytegeist, working with Google Project Zero

MS15-115

Windows Kernel Memory Elevation of Privilege Vulnerability

CVE-2015-6101

Nils Sommer of bytegeist, working with Google Project Zero

MS15-115

Windows Kernel Memory Information Disclosure Vulnerability

CVE-2015-6102

Nils Sommer of bytegeist, working with Google Project Zero

MS15-115

Windows Graphics Memory Remote Code Execution Vulnerability

CVE-2015-6103

Mateusz Jurczyk of Google Project Zero

MS15-115

Windows Graphics Memory Remote Code Execution Vulnerability

CVE-2015-6104

Mateusz Jurczyk of Google Project Zero

MS15-115

Windows Kernel Security Feature Bypass Vulnerability

CVE-2015-6113

James Forshaw of Google Project Zero

MS15-114

Windows Journal Heap Overflow Vulnerability

CVE-2015-6097

Jason Kratzer, working with VeriSign iDefense Labs

MS15-113

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6064

Simon Zuckerbraun, working with HP’s Zero Day Initiative

MS15-113

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6073

Kai Kang of Tencent's Xuanwu LAB

MS15-113

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6078

Bo Qu of Palo Alto Networks

MS15-113

Microsoft Browser ASLR Bypass

CVE-2015-6088

JaeHun Jeong

MS15-112

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6064

Simon Zuckerbraun, working with HP’s Zero Day Initiative

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6065

Jason Kratzer, working with VeriSign iDefense Labs

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6065

B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6066

Bo Qu of Palo Alto Networks

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6068

Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6069

Bo Qu of Palo Alto Networks

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6070

Tongbo Luo of Palo Alto Networks

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6070

Bo Qu of Palo Alto Networks

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6071

Bo Qu of Palo Alto Networks

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6072

Kai Kang of Tencent's Xuanwu LAB

MS15-112

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6073

Kai Kang of Tencent's Xuanwu LAB

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6075

0011, working with HP’s Zero Day Initiative

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6076

Anonymous, working with HP’s Zero Day Initiative

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6077

0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative, and Linan Hao of Qihoo 360

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6077

Linan Hao of Qihoo 360 Vulcan Team

MS15-112

Microsoft Browser Memory Corruption Vulnerability

CVE-2015-6078

Bo Qu of Palo Alto Networks

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6079

Zheng Huang of the Baidu Scloud XTeam

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6080

Zheng Huang of the Baidu Scloud XTeam

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6081

B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6082

Zheng Huang of the Baidu Scloud XTeam

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6084

Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6085

Jason Kratzer, working with VeriSign iDefense Labs

MS15-112

Internet Explorer Information Disclosure Vulnerability

CVE-2015-6086

Ashfaq Ansari, working with HP’s Zero Day Initiative

MS15-112

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6087

Bo Qu of Palo Alto Networks

MS15-112

Scripting Engine Memory Corruption Vulnerability

CVE-2015-6089

Yuki Chen of Qihoo 360 Vulcan Team

MS15-099

Microsoft Office Malformed EPS File Vulnerability

CVE-2015-2545

Genwei Jiang of FireEye, Inc.

SA3108638

N/A

CVE-2015-5307

Ben Serebrin of Google

October 2015

MS15-111

Windows Kernel Memory Corruption Vulnerability

CVE-2015-2549

dbc282f4f2f7d2466fa0078bf8034d99

MS15-111

Windows Elevation of Privilege Vulnerability

CVE-2015-2550

Ashutosh Mehra, working with HP’s Zero Day Initiative

MS15-111

Windows Mount Point Elevation of Privilege Vulnerability

CVE-2015-2553

James Forshaw of Google Project Zero

MS15-111

Windows Object Reference Elevation of Privilege Vulnerability

CVE-2015-2554

James Forshaw of Google Project Zero

MS15-110

Microsoft Office Memory Corruption Vulnerability

CVE-2015-2555

3S Labs, working with HP’s Zero Day Initiative

MS15-110

Microsoft Sharepoint Information Disclosure Vulnerability

CVE-2015-2556

Jakub Palaczynski of ING Services Polska

MS15-110

Microsoft Office Memory Corruption Vulnerabilties

CVE-2015-2557

kdot, working with HP’s Zero Day Initiative

MS15-110

Microsoft Office Memory Corruption Vulnerability

CVE-2015-2558

3S Labs, working with HP’s Zero Day Initiative

MS15-109

Toolbar Use After Free Vulnerability

CVE-2015-2515

Heige (a.k.a. SuperHei) from Knownsec 404 Security Team

MS15-109

Microsoft Tablet Input Band Use After Free Vulnerability

CVE-2015-2548

Heige (a.k.a. SuperHei) from Knownsec 404 Security Team and Hui Gao of Palo Alto Networks

MS15-108

Scripting Engine Memory Corruption Vulnerability

CVE-2015-2482

Skylined, working with HP’s Zero Day Initiative

MS15-108

VBScript and JScript ASLR Bypass

CVE-2015-6052

Bill Finlayson, Vectra Networks

MS15-108

Scripting Engine Memory Corruption Vulnerability

CVE-2015-6055

Simon Zuckerbraun, working with HP’s Zero Day Initiative

MS15-108

Scripting Engine Memory Corruption Vulnerability

CVE-2015-6055

An anonymous researcher, working with HP’s Zero Day Initiative

MS15-108

Scripting Engine Information Disclosure Vulnerability

CVE-2015-6059

Takeshi Terada of Mitsui Bussan Secure Directions, Inc.

MS15-107

Microsoft Edge XSS Filter Bypass

CVE-2015-6058

Noriaki Iwasaki of Cyber Defense Institute, Inc.

MS15-107

Microsoft Edge XSS Filter Bypass

CVE-2015-6058

Masato Kinugawa, Individual

MS15-107

Microsoft Edge Information Disclosure Vulnerability

CVE-2015-6057

Mario Heiderich of Cure53

MS15-106

Scripting Engine Memory Corruption Vulnerability

CVE-2015-2482

Skylined, working with HP’s Zero Day Initiative

MS15-106

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6042

Garage4Hackers, working with HP’s Zero Day Initiative

MS15-106

Internet Explorer Elevation of Privilege Vulnerability

CVE-2015-6044

Jack Tang of Trend Micro

MS15-106

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6045

Zheng Huang of the Baidu Scloud XTeam, working with HP’s Zero Day Initiative

MS15-106

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6045

Kai Kang of Tencent's Xuanwu LAB

MS15-106

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6046

Jason Kratzer, working with VeriSign iDefense Labs

MS15-106

Internet Explorer Elevation of Privilege Vulnerability

CVE-2015-6047

Ashutosh Mehra, working with HP’s Zero Day Initiative

MS15-106

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6048

Tongbo Luo of Palo Alto Networks

MS15-106

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6048

Hui Gao of Palo Alto Networks

MS15-106

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6048

Dhanesh Kizhakkinan of FireEye, Inc.

MS15-106

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6049

Heige (a.k.a. SuperHei) from Knownsec 404 Security Team

MS15-106

Internet Explorer Memory Corruption Vulnerability

CVE-2015-6050

Zheng Huang of the Baidu Scloud XTeam, working with HP’s Zero Day Initiative

MS15-106

Internet Explorer Elevation of Privilege Vulnerability

CVE-2015-6051

Ashutosh Mehra, working with HP’s Zero Day Initiative

MS15-106

VBScript and JScript ASLR Bypass

CVE-2015-6052

Bill Finlayson, Vectra Networks

MS15-106

Internet Explorer Information Disclosure Vulnerability

CVE-2015-6053

CK, working with HP’s Zero Day Initiative

MS15-106

Scripting Engine Memory Corruption Vulnerability

CVE-2015-6055

An anonymous researcher, working with HP’s Zero Day Initiative

MS15-106

Scripting Engine Memory Corruption Vulnerability

CVE-2015-6056

Aakash Jain and Dhanesh Kizhakkinan of FireEye, Inc.

MS15-106

Scripting Engine Information Disclosure Vulnerability

CVE-2015-6059

Takeshi Terada of Mitsui Bussan Secure Directions, Inc.

MS15-106

Scripting Engine Memory Corruption Vulnerability

CVE-2015-6184

Zheng Huang of the Baidu Scloud XTeam, working with HP’s Zero Day Initiative

MS15-106

Defense-in-depth

-------------------

Mario Heiderich of Cure53

September 2015

MS15-103

Exchange Information Disclosure Vulnerability

CVE-2015-2505

John Page of hyp3rlinx

MS15-103

Exchange Spoofing Vulnerability

CVE-2015-2543

Abdulrahman Alqabandi

MS15-103

Exchange Spoofing Vulnerability

CVE-2015-2544

Justin Khoo of FreshInbox

MS15-102

Windows Task Management Elevation of Privilege Vulnerability

CVE-2015-2524

James Forshaw of Google Project Zero

MS15-102

Windows Task File Deletion Elevation of Privilege Vulnerability

CVE-2015-2525

James Forshaw of Google Project Zero

MS15-102

Windows Task Management Elevation of Privilege Vulnerability

CVE-2015-2528

James Forshaw of Google Project Zero

MS15-101

.NET Elevation of Privilege Vulnerability

CVE-2015-2504

Yorick Koster of Securify B.V.

MS15-101

MVC Denial of Service Vulnerability

CVE-2015-2526

Roberto Suggi Liverani of NCIA (NATO Communications and Information Agency)

MS15-100

Windows Media Center RCE Vulnerability

CVE-2015-2509

Aaron Luo, Kenney Lu, and Ziv Chang of TrendMicro

MS15-099

Microsoft Office Memory Corruption Vulnerability

CVE-2015-2520

Steven Vittitoe of Google Project Zero

MS15-099

Microsoft Office Memory Corruption Vulnerability

CVE-2015-2521

Steven Vittitoe of Google Project Zero

MS15-099

Microsoft SharePoint XSS Spoofing Vulnerability

CVE-2015-2522

This vulnerability was discovered by Fortinet's FortiGuard Labs.

MS15-099

Microsoft Office Memory Corruption Vulnerability

CVE-2015-2523

Steven Vittitoe of Google Project Zero

MS15-099

Microsoft Office Malformed EPS File Vulnerability

CVE-2015-2545

Genwei Jiang of FireEye, Inc.

MS15-098

Windows Journal RCE Vulnerability

CVE-2015-2513

Phil Blankenship of BeyondTrust Inc

MS15-098

Windows Journal DoS Vulnerability

CVE-2015-2514

Kai Lu of Fortinet's FortiGuard Labs

MS15-098

Windows Journal DoS Vulnerability

CVE-2015-2516

Kai Lu of Fortinet's FortiGuard Labs

MS15-097

OpenType Font Parsing Vulnerability

CVE-2015-2506

Piotr Bania and Andrea Allievi of Cisco Talos

MS15-097

Font Driver Elevation of Privilege Vulnerability

CVE-2015-2507

Nils Sommer of bytegeist, working with Google Project Zero

MS15-097

Font Driver Elevation of Privilege Vulnerability

CVE-2015-2508

James Forshaw of Google Project Zero

MS15-097

Graphics Component Buffer Overflow Vulnerability

CVE-2015-2510

Steven Vittitoe of Google Project Zero

MS15-097

Font Driver Elevation of Privilege Vulnerability

CVE-2015-2511

Nils Sommer of bytegeist, working with Google Project Zero

MS15-097

Font Driver Elevation of Privilege Vulnerability

CVE-2015-2512

Nils Sommer of bytegeist, working with Google Project Zero

MS15-097

Win32k Memory Corruption Elevation of Privilege Vulnerability

CVE-2015-2517

Nils Sommer of bytegeist, working with Google Project Zero

MS15-097

Win32k Memory Corruption Elevation of Privilege Vulnerability

CVE-2015-2518

Nils Sommer of bytegeist, working with Google Project Zero

MS15-097

Win32k Elevation of Privilege Vulnerability

CVE-2015-2527

James Forshaw of Google Project Zero

MS15-097

Kernel ASLR Bypass Vulnerability

CVE-2015-2529

Matt Tait of Google Project Zero

MS15-097

Win32k Memory Corruption Elevation of Privilege Vulnerability

CVE-2015-2546

Wang Yu of FireEye, Inc.

MS15-097

Defense-in-depth

-------------------

lokihardt@ASRT, working with HP’s Zero Day Initiative

MS15-096

Active Directory Denial of Service Vulnerability

CVE-2015-2535

Andrew Bartlett of Catalyst and the Samba Team

MS15-095

Memory Corruption Vulnerability

CVE-2015-2485

0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative

MS15-095

Memory Corruption Vulnerability

CVE-2015-2486

0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative

MS15-094

Information Disclosure Vulnerability

CVE-2015-2483

Shi Ji (@Puzzor) of VARAS@IIE

MS15-094

Tampering Vulnerability

CVE-2015-2484

Haifei Li of Intel Security IPS Research Team

MS15-094

Memory Corruption Vulnerability

CVE-2015-2485

0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative

MS15-094

Memory Corruption Vulnerability

CVE-2015-2486

0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative

MS15-094

Memory Corruption Vulnerability

CVE-2015-2487

Pawel Wylecial, working with HP’s Zero Day Initiative

MS15-094

Elevation of Privilege Vulnerability

CVE-2015-2489

5AECDBC12A3C178E19CF1E3CB5EDAA89, working with HP’s Zero Day Initiative

MS15-094

Memory Corruption Vulnerability

CVE-2015-2490

Bo Qu of Palo Alto Networks

MS15-094

Memory Corruption Vulnerability

CVE-2015-2491

Heige (a.k.a. SuperHei) from Knownsec 404 Security Team

MS15-094

Memory Corruption Vulnerability

CVE-2015-2492

Bo Qu of Palo Alto Networks

MS15-094

Memory Corruption Vulnerability

CVE-2015-2492

Dhanesh Kizhakkinan of FireEye, Inc.

MS15-094

Scripting Engine Memory Corruption Vulnerability

CVE-2015-2493

Bo Qu of Palo Alto Networks

MS15-094

Memory Corruption Vulnerability

CVE-2015-2494

Kai Song (exp-sky) of Tencent's Xuanwu LAB

MS15-094

Memory Corruption Vulnerability

CVE-2015-2498

B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative

MS15-094

Memory Corruption Vulnerability

CVE-2015-2499

B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative

MS15-094

Memory Corruption Vulnerability

CVE-2015-2500

B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative

MS15-094

Memory Corruption Vulnerability

CVE-2015-2501

Sean Verity, working with HP’s Zero Day Initiative

MS15-094

Memory Corruption Vulnerability

CVE-2015-2541

0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative

MS15-094

Defense-in-depth

-------------------

Yang Yu (@tombkeeper) of Tencent's Xuanwu Lab

August 2015

MS15-093

Memory Corruption Vulnerability

CVE-2015-2502

Clement Lecigne of Google Inc.

MS15-092

RyuJIT Optimization Elevation of Privilege Vulnerability

CVE-2015-2479

Nick Craver & Marc Gravell of Stack Overflow

MS15-091

Memory Corruption Vulnerability

CVE-2015-2441

Liu Long of the Qihoo 360 Vulcan Team

MS15-090

Windows Registry Elevation of Privilege Vulnerability

CVE-2015-2429

Ashutosh Mehra, working with HP’s Zero Day Initiative

MS15-090

Windows Filesystem Elevation of Privilege Vulnerability

CVE-2015-2430

Ashutosh Mehra, working with HP’s Zero Day Initiative

MS15-087

UDDI Services Elevation of Privilege Vulnerability

CVE-2015-2475

François-Xavier Stellamans from NCI Agency - Cyber Security / NCIRC

MS15-084

MSXML Information Disclosure Vulnerability

CVE-2015-2440

Ucha Gobejishvili, working with HP’s Zero Day Initiative

MS15-083

Server Message Block Memory Corruption Vulnerability

CVE-2015-2474

Tenable Network Security

MS15-081

Microsoft Office Memory Corruption Vulnerability

CVE-2015-1642

This vulnerability was discovered by Fortinet's FortiGuard Labs

MS15-081

Microsoft Office Memory Corruption Vulnerability

CVE-2015-1642

Yong Chuan Koh (@yongchuank) of MWR Labs (@mwrlabs)

MS15-081

Microsoft Office Memory Corruption Vulnerability

CVE-2015-1642

s3tm3m@gmail.com, working with VeriSign iDefense Labs

MS15-081

Microsoft Office Memory Corruption Vulnerability

CVE-2015-2467

Steven Vittitoe of Google Project Zero

MS15-081

Microsoft Office Memory Corruption Vulnerability

CVE-2015-2468

Steven Vittitoe of Google Project Zero

MS15-081

Microsoft Office Memory Corruption Vulnerability

CVE-2015-2469

Steven Vittitoe of Google Project Zero

MS15-081

Microsoft Office Integer Underflow Vulnerability

CVE-2015-2470

Steven Vittitoe of Google Project Zero

MS15-081

Microsoft Office Memory Corruption Vulnerability

CVE-2015-2477

Steven Vittitoe of Google Project Zero

MS15-081

Microsoft Office Memory Corruption Vulnerability

CVE-2015-2445

Jack Tang of Trend Micro

MS15-080

Microsoft Office Graphics Component Remote Code Execution Vulnerability

CVE-2015-2431

Steven Vittitoe of Google Project Zero

MS15-080

OpenType Font Parsing Vulnerability

CVE-2015-2432

Mateusz Jurczyk of Google Project Zero

MS15-080

Kernel ASLR Bypass Vulnerability

CVE-2015-2433

Matt Tait of Google Inc.

MS15-080

TrueType Font Parsing Vulnerability

CVE-2015-2435

KeenTeam's Jihui Lu and Peter Hlavaty, working with HP’s Zero Day Initiative

MS15-080

Windows CSRSS Elevation of Privilege Vulnerability

CVE-2015-2453

Liang Yin of Tencent PC Manager

MS15-080

Windows KMD Security Feature Bypass Vulnerability

CVE-2015-2454

Ashutosh Mehra, working with HP’s Zero Day Initiative

MS15-080

TrueType Font Parsing Vulnerability

CVE-2015-2455

Mateusz Jurczyk of Google Project Zero

MS15-080

TrueType Font Parsing Vulnerability

CVE-2015-2455

KeenTeam's Jihui Lu and Peter Hlavaty, working with HP’s Zero Day Initiative

MS15-080

TrueType Font Parsing Vulnerability

CVE-2015-2456

Mateusz Jurczyk of Google Project Zero

MS15-080

OpenType Font Parsing Vulnerability

CVE-2015-2458

Mateusz Jurczyk of Google Project Zero

MS15-080

OpenType Font Parsing Vulnerability

CVE-2015-2459

Mateusz Jurczyk of Google Project Zero

MS15-080

OpenType Font Parsing Vulnerability

CVE-2015-2460

Mateusz Jurczyk of Google Project Zero

MS15-080

OpenType Font Parsing Vulnerability

CVE-2015-2461

Mateusz Jurczyk of Google Project Zero

MS15-080

OpenType Font Parsing Vulnerability

CVE-2015-2462

Mateusz Jurczyk of Google Project Zero

MS15-080

TrueType Font Parsing Vulnerability

CVE-2015-2463

Mateusz Jurczyk of Google Project Zero

MS15-080

TrueType Font Parsing Vulnerability

CVE-2015-2464

Mateusz Jurczyk of Google Project Zero

MS15-079

Memory Corruption Vulnerability

CVE-2015-2442

Linan Hao of the Qihoo 360 Vulcan Team

MS15-079

Memory Corruption Vulnerability

CVE-2015-2443

An anonymous researcher, working with HP’s Zero Day Initiative

MS15-079

Memory Corruption Vulnerability

CVE-2015-2444

Moritz Jodeit of Blue Frost Security

MS15-079

Security Feature Bypass Vulnerability

CVE-2015-2445

Jack Tang of Trend Micro

MS15-079

Memory Corruption Vulnerability

CVE-2015-2446

Heige (a.k.a. SuperHei) from Knownsec 404 Security Team and Bo Qu of Palo Alto Networks

MS15-079

Memory Corruption Vulnerability

CVE-2015-2447

sweetchip@GRAYHASH

MS15-079

Memory Corruption Vulnerability

CVE-2015-2448

An anonymous researcher, working with HP’s Zero Day Initiative

MS15-079

Security Feature Bypass Vulnerability

CVE-2015-2449

Linan Hao of the Qihoo 360 Vulcan Team

MS15-079

Memory Corruption Vulnerability

CVE-2015-2450

0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative

MS15-079

Memory Corruption Vulnerability

CVE-2015-2451

0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative

MS15-079

Memory Corruption Vulnerability

CVE-2015-2452

0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative

July 2015

MS15-078

OpenType Font Driver Vulnerability

CVE-2015-2426

Mateusz Jurczyk of Google Project Zero

MS15-078

OpenType Font Driver Vulnerability

CVE-2015-2426

Genwei Jiang of FireEye, Inc.

MS15-078

OpenType Font Driver Vulnerability

CVE-2015-2426

Moony Li of TrendMicro Company

MS15-077

ATMFD.DLL Memory Corruption Vulnerability

CVE-2015-2387

Google Project Zero and Morgan Marquis-Boire

MS15-076

Windows RPC Elevation of Privilege Vulnerability

CVE-2015-2370

James Forshaw of Google Project Zero

MS15-075

OLE Elevation of Privilege Vulnerability

CVE-2015-2416

Nicolas Joly @n_joly

MS15-075

OLE Elevation of Privilege Vulnerability

CVE-2015-2417

Nicolas Joly @n_joly

MS15-074

Windows Installer EoP Vulnerability

CVE-2015-2371

Mariusz Mlynski working with HP’s Zero Day Initiative

MS15-073

Win32k Elevation of Privilege Vulnerability

CVE-2015-2363

enSilo

MS15-073

Win32k Elevation of Privilege Vulnerability

CVE-2015-2363

Peng Qiu of 360Vulcan Team

MS15-073

Win32k Elevation of Privilege Vulnerability

CVE-2015-2365

Nils Sommer of bytegeist, working with Google Project Zero

MS15-073

Win32k Elevation of Privilege Vulnerability

CVE-2015-2366

Nils Sommer of bytegeist, working with Google Project Zero

MS15-073

Win32k Information Disclosure Vulnerability

CVE-2015-2367

WanderingGlitch of HP’s Zero Day Initiative

MS15-073

Win32k Information Disclosure Vulnerability

CVE-2015-2381

Matt Tait of Google Project Zero

MS15-073

Win32k Information Disclosure Vulnerability

CVE-2015-2382

Matt Tait of Google Project Zero

MS15-072

Graphics Component EOP Vulnerability

CVE-2015-2364

Nicolas Joly @n_joly

MS15-070

Microsoft Excel ASLR Bypass Vulnerability

CVE-2015-2375

3S Labs working with HP’s Zero Day Initiative

MS15-070

Microsoft Office Memory Corruption Vulnerability

CVE-2015-2376

3S Labs, working with HP’s Zero Day Initiative

MS15-070

Microsoft Office Memory Corruption Vulnerability

CVE-2015-2377

3S Labs, working with HP’s Zero Day Initiative

MS15-070

Microsoft Excel DLL Remote Code Execution Vulnerability

CVE-2015-2378

M1x7e1(ShiXiaoLei) of SafeyeTeam

MS15-070

Microsoft Office Memory Corruption Vulnerability

CVE-2015-2379

Steven Vittitoe of Google Project Zero

MS15-070

Microsoft Office Memory Corruption Vulnerability

CVE-2015-2380

Steven Vittitoe of Google Project Zero

MS15-070

Microsoft Office Memory Corruption Vulnerability

CVE-2015-2415

Jack Tang of Trend Micro

MS15-070

Microsoft Office Remote Code Execution Vulnerability

CVE-2015-2424

The Labs Team of iSIGHT Partners

MS15-070

Microsoft Office Remote Code Execution Vulnerability

CVE-2015-2424

Edward Fjellskål of Telenor CERT

MS15-069

Windows DLL Remote Code Execution Vulnerability

CVE-2015-2368

Ashutosh Mehra, working with HP’s Zero Day Initiative

MS15-069

DLL Planting Remote Code Execution Vulnerability

CVE-2015-2369

Haifei Li of McAfee Labs IPS Team

MS15-068

Hyper-V Buffer Overflow Vulnerability

CVE-2015-2361

Thomas Garnier of Microsoft

MS15-068

Hyper-V System Data Structure Vulnerability

CVE-2015-2362

Thomas Garnier of Microsoft

MS15-066

VBScript Memory Corruption Vulnerability

CVE-2015-2372

Bo Qu of Palo Alto Networks

MS15-066

VBScript Memory Corruption Vulnerability

CVE-2015-2372

bilou, working with VeriSign iDefense Labs

MS15-065

Internet Explorer Information Disclosure Vulnerability

CVE-2015-1729

Mashiro YAMADA

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1733

JaeHun Jeong (@n3sk) of WINS, WSEC Analysis Team

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1738

Li Kemeng of Baidu Anti-virus Team

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1767

An anonymous researcher, working with HP’s Zero Day Initiative

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1767

Zheng Huang of the Baidu Scloud XTeam, working with HP’s Zero Day Initiative

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2383

Jason Kratzer, working with VeriSign iDefense Labs

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2383

Sky, working with HP’s Zero Day Initiative

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2383

Liu Long of the Qihoo 360 Vulcan Team

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2383

Jihui Lu of KeenTeam (@K33nTeam)

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2384

Liu Long of the Qihoo 360 Vulcan Team

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2385

Liu Long of the Qihoo 360 Vulcan Team

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2385

ChenDong Li of Tencent

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2388

B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2389

Linan Hao of the Qihoo 360 Vulcan Team

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2390

Linan Hao of the Qihoo 360 Vulcan Team

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2391

Jack Tang of Trend Micro Inc.

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2397

AA32AF9897C15779037CD4FC1C1C13D7, working with HP’s Zero Day Initiative

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2397

A3F2160DCA1BDE70DA1D99ED267D5DC1EC336192, working with HP’s Zero Day Initiative

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2397

Bo Qu of Palo Alto Networks

MS15-065

Internet Explorer XSS Filter Bypass Vulnerability

CVE-2015-2398

Mario Heiderich

MS15-065

Internet Explorer XSS Filter Bypass Vulnerability

CVE-2015-2398

Carlos Munoz of WhiteHat Security (former) and Trustwave SpiderLabs (current)

MS15-065

Internet Explorer Elevation of Privilege Vulnerability

CVE-2015-2402

Ashutosh Mehra, working with HP’s Zero Day Initiative

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2403

ca0nguyen, working with HP’s Zero Day Initiative

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2404

4cbad7dc77d1a1af7d66b5ded6cd92a5, working with HP’s Zero Day Initiative

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2406

B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2408

Zheng Huang of Baidu Scloud XTeam, working with HP’s Zero Day Initiative

MS15-065

Internet Explorer Information Disclosure Vulnerability

CVE-2015-2410

A Google Inc. employee

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2411

JeongHoon Shin

MS15-065

Internet Explorer Information Disclosure Vulnerability

CVE-2015-2412

Ashutosh Mehra, working with HP’s Zero Day Initiative

MS15-065

Internet Explorer Information Disclosure Vulnerability

CVE-2015-2413

Hiroshi Suzuki of Internet Initiative Japan Inc.

MS15-065

Internet Explorer Information Disclosure Vulnerability

CVE-2015-2414

Angelo Prado, Director, Product Security at Salesforce

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2422

Bo Qu of Palo Alto Networks

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2425

Bill Finlayson, Vectra Networks

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2425

Dhanesh Kizhakkinan of FireEye, Inc.

MS15-065

Internet Explorer Memory Corruption Vulnerability

CVE-2015-2425

Peter Pi of TrendMicro

3074162

MSRT Race Condition Vulnerability

CVE-2015-2418

James Forshaw of Google Project Zero

June 2015

MS15-063

Windows LoadLibrary EoP Vulnerability

CVE-2015-1758

Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc.

MS15-062

ADFS XSS Elevation of Privilege Vulnerability

CVE-2015-1757

“John Hollenberger” and “Tate Hansen from FishNet Security”

MS15-061

Microsoft Windows Kernel Information Disclosure Vulnerability

CVE-2015-1719

Guo Pengfei of Qihoo 360

MS15-061

Microsoft Windows Kernel Use After Free Vulnerability

CVE-2015-1720

KK of Tencent’s Xuanwu LAB

MS15-061

Win32k Null Pointer Dereference Vulnerability

CVE-2015-1721

Nils Sommer of bytegeist, working with Google Project Zero

MS15-061

Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability

CVE-2015-1722

Nils Sommer of bytegeist, working with Google Project Zero

MS15-061

Microsoft Windows Station Use After Free Vulnerability

CVE-2015-1723

Nils Sommer of bytegeist, working with Google Project Zero

MS15-061

Microsoft Windows Kernel Object Use After Free Vulnerability

CVE-2015-1724

Nils Sommer of bytegeist, working with Google Project Zero

MS15-061

Win32k Buffer Overflow Vulnerability

CVE-2015-1725

Nils Sommer of bytegeist, working with Google Project Zero

MS15-061

Microsoft Windows Kernel Brush Object Use After Free Vulnerability

CVE-2015-1726

Nils Sommer of bytegeist, working with Google Project Zero

MS15-061

Win32k Pool Buffer Overflow Vulnerability

CVE-2015-1727

Nils Sommer of bytegeist, working with Google Project Zero

MS15-061

Win32k Elevation of Privilege Vulnerability

CVE-2015-2360

Maxim Golovkin, Kaspersky Lab

MS15-061

Win32k Elevation of Privilege Vulnerability

CVE-2015-2360

enSilo Research Team

MS15-059

Microsoft Office Memory Corruption Vulnerability

CVE-2015-1759

Ben Hawkes of Google Project Zero

MS15-059

Microsoft Office Memory Corruption Vulnerability

CVE-2015-1760

Ben Hawkes of Google Project Zero

MS15-059

Microsoft Office Uninitialized Memory Use Vulnerability

CVE-2015-1770

Yong Chuan Koh (@yongchuank) MWR Labs (@mwrlabs)

MS15-057

Windows Media Player RCE via DataObject Vulnerability

CVE-2015-1728

bilou, working with VeriSign iDefense Labs

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1687

Pengfei Guo of Qihoo 360

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1730

SkyLined, working with VeriSign iDefense Labs

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1731

Zheng Huang of Baidu Scloud XTeam

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1732

Linan Hao of the Qihoo 360 Vulcan Team

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1735

Zheng Huang of Baidu Scloud XTeam working with HP’s Zero Day Initiative

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1736

Bo Qu of Palo Alto Networks

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1736

An anonymous researcher, working with HP’s Zero Day Initiative

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1737

Dhanesh Kizhakkinan of FireEye, Inc.

MS15-056

Internet Explorer Elevation of Privilege Vulnerability

CVE-2015-1739

Thomas Vanhoutte working with HP’s Zero Day Initiative

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1740

Chen Zhang (demi6od) of NSFOCUS Security Team

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1740

Heige (a.k.a. SuperHei) from Knownsec 404 Security Team

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1740

Bo Qu of Palo Alto Networks

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1741

Chen Zhang (demi6od) of NSFOCUS Security Team

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1742

Chen Zhang (demi6od) of NSFOCUS Security Team

MS15-056

Internet Explorer Elevation of Privilege Vulnerability

CVE-2015-1743

Haifei Li of McAfee Labs IPS Team

MS15-056

Internet Explorer Elevation of Privilege Vulnerability

CVE-2015-1743

Yuki Chen of Qihoo 360/Vulcan 360 Team working with HP’s Zero Day Initiative

MS15-056

Internet Explorer Elevation of Privilege Vulnerability

CVE-2015-1743

Thomas Vanhoutte, working with HP’s Zero Day Initiative

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1744

Bo Qu of Palo Alto Networks

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1744

National Engineering Laboratory for Mobile Internet System and Application Security, China

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1745

Yuki Chen of Qihoo 360 working with HP’s Zero Day Initiative

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1747

lokihardt@ASRT working with HP’s Zero Day Initiative

MS15-056

Internet Explorer Elevation of Privilege Vulnerability

CVE-2015-1748

lokihardt@ASRT working with HP’s Zero Day Initiative

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1750

Bo Qu of Palo Alto Networks

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1751

Jason Kratzer, working with VeriSign iDefense Labs

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1752

Kai Song (exp-sky) of Tencent's Xuanwu LAB

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1752

Henry Li of Trend Micro

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1753

Jihui Lu of KeenTeam (@K33nTeam)

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1754

Jack Tang of Trend Micro

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1755

0016EECD9D7159A949DAD3BC17E0A939 working with HP’s Zero Day Initiative

MS15-056

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1755

Jason Kratzer, working with VeriSign iDefense Labs

MS15-056

Defense-in-depth

-------------------

רומן זאיקין

MS15-056

Defense-in-depth

-------------------

An anonymous researcher, working with Beyond Security’s SecuriTeam Secure Disclosure team and Ashutosh Mehra working with HP’s Zero Day Initiative


Special thanks for working with Microsoft to make Internet Explorer more secure.

-------------------

Xiaoyin Liu @general_nfs

May 2015

MS15-054

Microsoft Management Console File Format Denial of Service Vulnerability

CVE-2015-1681

Michael Heerklotz, working with HP’s Zero Day Initiative

MS15-053

VBScript ASLR Bypass

CVE-2015-1684

SkyLined, working with HP’s Zero Day Initiative

MS15-053

VBScript and JScript ASLR Bypass

CVE-2015-1686

Bill Finlayson of BeyondTrust Inc

MS15-052

Windows Kernel Security Feature Bypass Vulnerability

CVE-2015-1674

lokihardt@ASRT, working with HP’s Zero Day Initiative

MS15-051

Microsoft Windows Kernel Memory Disclosure Vulnerability

CVE-2015-1676

WanderingGlitch of HP’s Zero Day Initiative

MS15-051

Microsoft Windows Kernel Memory Disclosure Vulnerability

CVE-2015-1677

WanderingGlitch of HP’s Zero Day Initiative

MS15-051

Microsoft Windows Kernel Memory Disclosure Vulnerability

CVE-2015-1678

WanderingGlitch of HP’s Zero Day Initiative

MS15-051

Microsoft Windows Kernel Memory Disclosure Vulnerability

CVE-2015-1679

WanderingGlitch of HP’s Zero Day Initiative

MS15-051

Microsoft Windows Kernel Memory Disclosure Vulnerability

CVE-2015-1680

WanderingGlitch of HP’s Zero Day Initiative

MS15-049

Microsoft Silverlight Out of Browser Application Vulnerability

CVE-2015-1715

Exodus Intelligence

MS15-048

.NET XML Decryption Denial of Service Vulnerability

CVE-2015-1672

John Heasman of DocuSign

MS15-048

Windows Forms Elevation of Privilege Vulnerability

CVE-2015-1673

Kalle Niemitalo

MS15-046

Microsoft Office Memory Corruption Vulnerability

CVE-2015-1682

3S Labs, working with HP’s Zero Day Initiative

MS15-046

Microsoft Office Memory Corruption Vulnerability

CVE-2015-1683

Jack Tang of Trend Micro

MS15-046

Microsoft Office Memory Corruption Vulnerability

CVE-2015-1683

Kai Lu of Fortinet's FortiGuard Labs

MS15-045

Windows Journal Remote Code Execution Vulnerability

CVE-2015-1675

Bill Finlayson of Beyond Trust, Inc.

MS15-045

Windows Journal Remote Code Execution Vulnerability

CVE-2015-1695

Adith Sudhakar, VMware

MS15-045

Windows Journal Remote Code Execution Vulnerability

CVE-2015-1696

Rohit Mothe of VeriSign iDefense Labs

MS15-045

Windows Journal Remote Code Execution Vulnerability

CVE-2015-1697

Rohit Mothe of VeriSign iDefense Labs

MS15-045

Windows Journal Remote Code Execution Vulnerability

CVE-2015-1698

Adith Sudhakar, VMware

MS15-045

Windows Journal Remote Code Execution Vulnerability

CVE-2015-1698

Rohit Mothe of VeriSign iDefense Labs

MS15-045

Windows Journal Remote Code Execution Vulnerability

CVE-2015-1699

Steven Seeley of Source Incite

MS15-044

OpenType Font Parsing Vulnerability

CVE-2015-1670

Mateusz Jurczyk of Google Project Zero

MS15-044

TrueType Font Parsing Vulnerability

CVE-2015-1671

Dan Caselden of FireEye, Inc.

MS15-043

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1658

Jason Kratzer, working with VeriSign iDefense Labs

MS15-043

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1658

National Engineering Laboratory for Mobile Internet System and Application Security, China

MS15-043

VBScript ASLR Bypass

CVE-2015-1684

SkyLined, working with HP’s Zero Day Initiative

MS15-043

Internet Explorer ASLR Bypass

CVE-2015-1685

Hao Linan of 360 Vulcan Team

MS15-043

Internet Explorer ASLR Bypass

CVE-2015-1685

Dhanesh Kizhakkinan of FireEye, Inc.

MS15-043

Internet Explorer ASLR Bypass

CVE-2015-1685

Li Kemeng of Baidu Scloud XTeam

MS15-043

VBScript and JScript ASLR Bypass

CVE-2015-1686

Bill Finlayson of BeyondTrust Inc

MS15-043

Internet Explorer Elevation of Privilege Vulnerability

CVE-2015-1688

Ashutosh Mehra

MS15-043

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1689

Jihui Lu of KeenTeam (@K33nTeam)

MS15-043

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1691

Jihui Lu of KeenTeam (@K33nTeam)

MS15-043

Internet Explorer Clipboard Information Disclosure Vulnerability

CVE-2015-1692

Daniel Trebbien

MS15-043

Internet Explorer Clipboard Information Disclosure Vulnerability

CVE-2015-1692

Vincent Lee of TELUS Security Labs

MS15-043

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1694

Jack Tang of Trend Micro

MS15-043

Internet Explorer Elevation of Privilege Vulnerability

CVE-2015-1703

Akitsugu

MS15-043

Internet Explorer Elevation of Privilege Vulnerability

CVE-2015-1704

Mario Heiderich

MS15-043

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1705

Bo Qu of Palo Alto Networks

MS15-043

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1706

Zheng Huang of Baidu Scloud XTeam working with HP’s Zero Day Initiative

MS15-043

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1708

Bo Qu of Palo Alto Networks

MS15-043

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1709

Jack Tang of Trend Micro

MS15-043

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1709

Zheng Huang of Baidu Scloud XTeam working with HP’s Zero Day Initiative

MS15-043

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1710

Dhanesh Kizhakkinan of FireEye, Inc.

MS15-043

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1711

Bo Qu of Palo Alto Networks

MS15-043

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1712

sweetchip@GRAYHASH

MS15-043

Internet Explorer Elevation of Privilege Vulnerability

CVE-2015-1713

Ashutosh Mehra

MS15-043

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1714

sweetchip@GRAYHASH, working with HP’s Zero Day Initiative

MS15-043

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1717

0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative

MS15-043

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1718

Jihui Lu of KeenTeam (@K33nTeam)

April 2015

MS15-042

Windows Hyper-V DoS Vulnerability

CVE-2015-1647

Dmitry Alikov of Veeam Software AG

MS15-039

MSXML3 Same Origin Policy SFB vulnerability

CVE-2015-1646

Hormazd Billimoria, Xiaoran Wang, Sergey Gorbaty, Anton Rager, and Jonathan Brossard of Salesforce.com

MS15-038

NtCreateTransactionManager Type Confusion Vulnerability

CVE-2015-1643

James Forshaw of Google Project Zero

MS15-038

Windows MS-DOS Device Name Elevation of Privilege Vulnerability

CVE-2015-1644

James Forshaw of Google Project Zero

MS15-037

Task Scheduler Elevation of Privilege Vulnerability

CVE-2015-0098

Renato Ettisberger of IOprotect GmbH

MS15-035

EMF Processing Remote Code Execution Vulnerability

CVE-2015-1645

Hossein Lotfi, Secunia Research

MS15-034

HTTP.sys Remote Code Execution Vulnerability

CVE-2015-1635

The Citrix Security Response Team

MS15-033

Microsoft Outlook App for Mac XSS Vulnerability

CVE-2015-1639

Rakesh Dharmavaram

MS15-033

Microsoft Office Memory Corruption Vulnerability

CVE-2015-1641

The Labs Team of iSIGHT Partners

MS15-033

Microsoft Office Component Use After Free Vulnerability

CVE-2015-1649

Jack Tang of Trend Micro

MS15-033

Microsoft Office Component Use After Free Vulnerability

CVE-2015-1649

Dan Caselden of FireEye, Inc.

MS15-033

Microsoft Office Component Use After Free Vulnerability

CVE-2015-1650

3S Labs, working with HP’s Zero Day Initiative

MS15-033

Defense-in-depth change in this bulletin

-------------------

Chris Parmer of Plotly

MS15-033

Microsoft Office Component Use After Free Vulnerability

CVE-2015-1651

Ben Hawkes of Google Project Zero

MS15-032

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1652

0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative

MS15-032

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1657

Jihui Lu of KeenTeam (@K33nTeam)

MS15-032

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1659

Jason Kratzer, working with HP’s Zero Day Initiative

MS15-032

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1660

Arthur Gerkis, working with HP’s Zero Day Initiative

MS15-032

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1661

AbdulAziz Hariri, working with HP’s Zero Day Initiative

MS15-032

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1665

AMol NAik & Garage4Hackers, working with HP’s Zero Day Initiative

MS15-032

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1666

b0nd@garage4hackers@, working with HP’s Zero Day Initiative

MS15-032

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1667

ca0nguyen, working with HP’s Zero Day Initiative

MS15-032

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1668

Omair, working with HP’s Zero Day Initiative

March 2015

MS15-029

JPEG XR Parser Information Disclosure Vulnerability

CVE-2015-0076

Michal Zalewski of Google Inc.

MS15-028

Task Scheduler Security Feature Bypass Vulnerability

CVE-2015-0084

James Forshaw of Google Project Zero

MS15-027

NETLOGON Spoofing Vulnerability

CVE-2015-0005

This vulnerability was discovered and researched by Alberto Solino from Core Security. The publication of this advisory was coordinated by Joaquín Rodríguez Varela from the Core Advisories Team.

MS15-026

OWA Modified Canary Parameter Cross Site Scripting Vulnerability

CVE-2015-1628

Francisco Correa

MS15-026

ExchangeDLP Cross Site Scripting Vulnerability

CVE-2015-1629

Adi Ivascu

MS15-026

Audit Report Cross Site Scripting Vulnerability

CVE-2015-1630

Adi Ivascu

MS15-026

Exchange Forged Meeting Request Spoofing Vulnerability

CVE-2015-1631

Nicolai Grodum

MS15-026

Exchange Error Message Cross Site Scripting Vulnerability

CVE-2015-1632

Darius Petrescu

MS15-025

Registry Virtualization Elevation of Privilege Vulnerability

CVE-2015-0073

James Forshaw of Google Project Zero

MS15-024

Malformed PNG Parsing Information Disclosure Vulnerability

CVE-2015-0080

Michal Zalewski of Google Inc.

MS15-023

Microsoft Windows Kernel Memory Disclosure Vulnerability

CVE-2015-0077

WanderingGlitch, working with HP’s Zero Day Initiative

MS15-023

Win32k Elevation of Privilege Vulnerability

CVE-2015-0078

James Forshaw of Google Project Zero

MS15-023

Win32k Elevation of Privilege Vulnerability

CVE-2015-0078

Ashutosh Mehra of Adobe Systems Inc.

MS15-023

Microsoft Windows Kernel Memory Disclosure Vulnerability

CVE-2015-0094

WanderingGlitch, working with HP’s Zero Day Initiative

MS15-023

Microsoft Windows Kernel Memory Disclosure Vulnerability

CVE-2015-0095

KK of Xuanwu Lab of Tencent

MS15-022

Microsoft Office Component Use After Free Vulnerability

CVE-2015-0085

3S Labs, working with HP’s Zero Day Initiative

MS15-022

Microsoft Office Memory Corruption Vulnerability

CVE-2015-0086

Ben Hawkes of Google Project Zero

MS15-022

Microsoft Word Local Zone Remote Code Execution Vulnerability

CVE-2015-0097

Eduardo Prado, working with Beyond Security’s SecuriTeam Secure Disclosure team

MS15-022

Microsoft SharePoint XSS Vulnerability

CVE-2015-1633

Adi Ivascu

MS15-022

Microsoft SharePoint XSS Vulnerability

CVE-2015-1636

Adi Ivascu

MS15-021

Adobe Font Driver Denial of Service Vulnerability

CVE-2015-0074

Mateusz Jurczyk of Google Project Zero

MS15-021

Adobe Font Driver Information Disclosure Vulnerability

CVE-2015-0087

Mateusz Jurczyk of Google Project Zero

MS15-021

Adobe Font Driver Remote Code Execution Vulnerability

CVE-2015-0088

Mateusz Jurczyk of Google Project Zero

MS15-021

Adobe Font Driver Information Disclosure Vulnerability

CVE-2015-0089

Mateusz Jurczyk of Google Project Zero

MS15-021

Adobe Font Driver Remote Code Execution Vulnerability

CVE-2015-0090

Mateusz Jurczyk of Google Project Zero

MS15-021

Adobe Font Driver Remote Code Execution Vulnerability

CVE-2015-0091

Mateusz Jurczyk of Google Project Zero

MS15-021

Adobe Font Driver Remote Code Execution Vulnerability

CVE-2015-0092

Mateusz Jurczyk of Google Project Zero

MS15-021

Adobe Font Driver Remote Code Execution Vulnerability

CVE-2015-0092

s3tm3m, working with HP’s Zero Day Initiative

MS15-021

Adobe Font Driver Remote Code Execution Vulnerability

CVE-2015-0093

Mateusz Jurczyk of Google Project Zero

MS15-020

WTS Remote Code Execution Vulnerability

CVE-2015-0081

Garage4Hackers, working with HP’s Zero Day Initiative

MS15-020

WTS Remote Code Execution Vulnerability

CVE-2015-0081

Francis Provencher of Protek Research Lab’s

MS15-020

DLL Planting Remote Code Execution Vulnerability

CVE-2015-0096

Michael Heerklotz, working with HP’s Zero Day Initiative

MS15-019

VBScript Memory Corruption Vulnerability

CVE-2015-0032

Bo Qu of Palo Alto Networks

MS15-018

VBScript Memory Corruption Vulnerability

CVE-2015-0032

Bo Qu of Palo Alto Networks

MS15-018

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0056

0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative

MS15-018

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0056

Jihui Lu of KeenTeam (@K33nTeam)

MS15-018

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0099

SkyLined, working with HP’s Zero Day Initiative

MS15-018

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0100

ca0nguyen, working with HP’s Zero Day Initiative

MS15-018

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1622

SkyLined, working with HP’s Zero Day Initiative

MS15-018

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1622

AMol NAik, working with HP’s Zero Day Initiative

MS15-018

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1623

0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative

MS15-018

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1624

Arthur Gerkis, working with HP’s Zero Day Initiative

MS15-018

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1625

Bo Qu of Palo Alto Networks

MS15-018

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1626

ca0nguyen, working with HP’s Zero Day Initiative

MS15-018

Internet Explorer Elevation of Privilege Vulnerability

CVE-2015-1627

Ashutosh Mehra

MS15-018

Internet Explorer Memory Corruption Vulnerability

CVE-2015-1634

An anonymous researcher, working with Beyond Security’s SecuriTeam Secure Disclosure team

MS15-018

Defense-in-depth change in this bulletin

-------------------

Michal Zalewski of Google Project Zero

MS15-018

Defense-in-depth change in this bulletin

-------------------

Zhang YunHai, NSFOCUS Security Team

MS15-018

Defense-in-depth change in this bulletin

-------------------

Noriaki Iwasaki of Cyber Defense Institute, Inc.

February 2015

MS15-016

TIFF Processing Information Disclosure Vulnerability

CVE-2015-0061

Michal Zalewski of Google Inc.

MS15-015

Windows Create Process Elevation of Privilege Vulnerability

CVE-2015-0062

James Forshaw of Google Project Zero

MS15-014

Group Policy Security Feature Bypass Vulnerability

CVE-2015-0009

Luke Jennings

MS15-012

Excel Remote Code Execution Vulnerability

CVE-2015-0063

Fermin J. Serna of the Google Security Team

MS15-012

Office Remote Code Execution Vulnerability

CVE-2015-0064

Ben Hawkes of Google Project Zero

MS15-012

OneTableDocumentStream Remote Code Execution Vulnerability

CVE-2015-0065

Ben Hawkes of Google Project Zero

MS15-011

Group Policy Remote Code Execution Vulnerability

CVE-2015-0008

Jeff Schmidt of JAS Global Advisors

MS15-011

Group Policy Remote Code Execution Vulnerability

CVE-2015-0008

Dr. Arnoldo Muller-Molina of simMachines

MS15-011

Group Policy Remote Code Execution Vulnerability

CVE-2015-0008

The Internet Corporation for Assigned Names and Numbers (ICANN)

MS15-010

Win32k Elevation of Privilege Vulnerability

CVE-2015-0003

Marcin Wiazowski, working with HP’s Zero Day Initiative

MS15-010

CNG Security Feature Bypass Vulnerability

CVE-2015-0010

James Forshaw of Google Project Zero

MS15-010

Win32k Elevation of Privilege Vulnerability

CVE-2015-0057

Udi Yavo, CTO of enSilo

MS15-010

Windows Cursor Object Double Free Vulnerability

CVE-2015-0058

n3phos, working with HP’s Zero Day Initiative

MS15-010

TrueType Font Parsing Remote Code Execution Vulnerability

CVE-2015-0059

Cris Neckar of Divergent Security

MS15-010

Windows Font Driver Denial of Service Vulnerability

CVE-2015-0060

Cris Neckar of Divergent Security

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0017

Aniway.Anyway@gmail.com, working with HP’s Zero Day Initiative

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0017

Adlab of Venustech

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0018

Bo Qu of Palo Alto Networks

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0019

Bo Qu of Palo Alto Networks

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0020

Liu Long of Qihoo 360

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0021

Liu Long of Qihoo 360

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0022

Yujie Wen of Qihoo 360

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0023

José A. Vázquez of VeriSign iDefense Labs

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0025

An anonymous researcher, working with HP’s Zero Day Initiative

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0026

Chen Zhang (demi6od) of NSFOCUS Security Team

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0027

Jason Kratzer, working with HP’s Zero Day Initiative

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0028

Yujie Wen of Qihoo 360

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0029

Yuki Chen of Qihoo 360

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0030

Chen Zhang (demi6od) of NSFOCUS Security Team

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0031

Aniway.Anyway@gmail.com, working with HP’s Zero Day Initiative

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0035

Sky, working with HP’s Zero Day Initiative

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0035

Pawel Wylecial, working with HP’s Zero Day Initiative

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0035

Li Kemeng of Baidu Anti-virus Team

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0036

An anonymous researcher, working with HP’s Zero Day Initiative

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0037

sweetchip@GRAYHASH, working with HP’s Zero Day Initiative

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0038

An anonymous researcher, working with HP’s Zero Day Initiative

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0038

Dhanesh Kizhakkinan of FireEye, Inc.

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0038

Bo Qu of Palo Alto Networks

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0039

Jihui Lu of KeenTeam (@K33nTeam)

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0040

SkyLined, working with HP’s Zero Day Initiative

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0041

0016EECD9D7159A949DAD3BC17E0A939, working with HP’s Zero Day Initiative

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0041

An anonymous researcher, working with HP’s Zero Day Initiative

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0041

Li Kemeng of Baidu Anti-virus Team

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0042

Omair working with HP’s Zero Day Initiative

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0043

Omair working with HP’s Zero Day Initiative

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0044

ca0nguyen, working with HP’s Zero Day Initiative

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0045

ca0nguyen, working with HP’s Zero Day Initiative

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0045

Bo Qu of Palo Alto Networks

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0046

Stephen Fewer of Harmony Security, working with HP’s Zero Day Initiative

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0048

SkyLined

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0049

SkyLined

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0050

SkyLined

MS15-009

Internet Explorer ASLR Bypass Vulnerability

CVE-2015-0051

SkyLined

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0052

SkyLined

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0053

SkyLined, working with HP’s Zero Day Initiative

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0053

Tao Qiu of Huawei's IT Infrastructure & Security Dept, BP & IT

MS15-009

Internet Explorer Elevation of Privilege Vulnerability

CVE-2015-0055

James Forshaw of Google Project Zero

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0066

Edward Torkington of NCC Group

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0066

Jihui Lu of KeenTeam (@K33nTeam)

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0067

Peter Vreugdenhil of exodusintel.com

MS15-009

Internet Explorer Memory Corruption Vulnerability

CVE-2015-0068

Bo Qu of Palo Alto Networks

MS15-009

Internet Explorer ASLR Bypass Vulnerability

CVE-2015-0069

Jack Tang of Trend Micro

MS15-009

Internet Explorer ASLR Bypass Vulnerability

CVE-2015-0071

The Labs Team of iSIGHT Partners

MS15-009

Internet Explorer ASLR Bypass Vulnerability

CVE-2015-0071

Clement Lecigne of Google Inc.

January 2015

MS15-008

WebDAV Elevation of Privilege Vulnerability

CVE-2015-0011

James Forshaw of Google Project Zero

MS15-006

Windows Error Reporting Security Feature Bypass Vulnerability

CVE-2015-0001

Alex Ionescu of Winsider Seminars & Solutions Inc. and CrowdStrike Inc.

MS15-005

NLA Security Feature Bypass Vulnerability

CVE-2015-0006

Jonas Vestberg of Sentor

MS15-004

Directory Traversal Elevation of Privilege Vulnerability

CVE-2015-0016

Liam O’Murchu of Symantec

MS15-002

Windows Telnet Service Buffer Overflow Vulnerability

CVE-2015-0014

Daiyuu Nobori and Christopher Hiroshi Higuchi SMITH of the University of Tsukuba


Show: