Acknowledgments – 2017

Microsoft extends thanks to the following for working with us to help protect customers.

Bulletin ID  

Vulnerability Title

CVE ID                                  

Acknowledgment

March 2017

MS17-022

Microsoft XML Core Services Information Disclosure Vulnerability

CVE-2017-0022

Brooks Li and Joseph C Chen, Trend Micro

MS17-022

Microsoft XML Core Services Information Disclosure Vulnerability

CVE-2017-0022

Will Metcalf and Kafeine of Proofpoint

MS17-021

Windows DirectShow Information Disclosure Vulnerabitliy

CVE-2017-0042

Abdulrahman Alqabandi (@qab)

MS17-020

Windows DVD Maker Cross-Site Request Forgery Vulnerability

CVE-2017-0045

John Page (hyp3rlinx), ApparitionSec

MS17-018

Win32k Elevation of Privilege Vulnerability

CVE-2017-0024

Hao Linan of Qihoo 360 Vulcan Team, working with POC/PwnFest

MS17-018

Win32k Elevation of Privilege Vulnerability

CVE-2017-0024

pgboy of Qihoo 360 Vulcan Team working with POC/PwnFest

MS17-018

Win32k Elevation of Privilege Vulnerability

CVE-2017-0024

zhong_sf of Qihoo 360 Vulcan Team working with POC/PwnFest

MS17-018

Win32k Elevation of Privilege Vulnerability

CVE-2017-0026

Hao Linan of Qihoo 360 Vulcan Team, working with POC/PwnFest

MS17-018

Win32k Elevation of Privilege Vulnerability

CVE-2017-0026

pgboy of Qihoo 360 Vulcan Team working with POC/PwnFest

MS17-018

Win32k Elevation of Privilege Vulnerability

CVE-2017-0026

zhong_sf of Qihoo 360 Vulcan Team working with POC/PwnFest

MS17-018

Win32k Elevation of Privilege Vulnerability

CVE-2017-0056

Peter Hlavaty (@zer0mem), KeenLab, Tencent

MS17-018

Win32k Elevation of Privilege Vulnerability

CVE-2017-0056

pgboy and zhong_sf of Qihoo 360 Vulcan Team

MS17-018

Win32k Elevation of Privilege Vulnerability

CVE-2017-0078

pgboy and zhong_sf of Qihoo 360 Vulcan Team

MS17-018

Win32k Elevation of Privilege Vulnerability

CVE-2017-0079

pgboy and zhong_sf of Qihoo 360 Vulcan Team

MS17-018

Win32k Elevation of Privilege Vulnerability

CVE-2017-0080

pgboy and zhong_sf of Qihoo 360 Vulcan Team

MS17-018

Win32k Elevation of Privilege Vulnerability

CVE-2017-0081

pgboy and zhong_sf of Qihoo 360 Vulcan Team

MS17-018

Win32k Elevation of Privilege Vulnerability

CVE-2017-0082

pgboy and zhong_sf of Qihoo 360 Vulcan Team

MS17-017

Windows Elevation of Privilege Vulnerability

CVE-2017-0101

Peter Hlavaty (@zer0mem), KeenLab, Tencent

MS17-017

Windows Registry Elevation of Privilege Vulnerability

CVE-2017-0103

James Forshaw of Google Project Zero

MS17-017

Windows Registry Elevation of Privilege Vulnerability

CVE-2017-0103

Mateusz Jurczyk of Google Project Zero

MS17-016

Microsoft IIS Server XSS Elevation of Privilege Vulnerability

CVE-2017-0055

David Fernandez of Sidertia Solutions

MS17-015

Microsoft Exchange Elevation of Privilege Vulnerability

CVE-2017-0110

Gabruel Lima (@gabrielpato)

MS17-014

Microsoft Office Memory Corruption Vulnerability

CVE-2017-0006

Yangkang & Liyadong & Wanglu of Qihoo 360 Qex Team

MS17-014

Microsoft Office Memory Corruption Vulnerability

CVE-2017-0019

Tony Loi of Fortinet's FortiGuard Labs

MS17-014

Microsoft Office Memory Corruption Vulnerability

CVE-2017-0019

Steven Vittitoe of Google Project Zero

MS17-014

Microsoft Office Memory Corruption Vulnerability

CVE-2017-0020

Qiang Liu, McAfee

MS17-014

Microsoft Office Information Disclosure Vulnerability

CVE-2017-0027

Jaanus Kääp of Clarified Security

MS17-014

Microsoft Office Denial of Service Vulnerability

CVE-2017-0029

David Wind of XSEC infosec GmbH

MS17-014

Microsoft Office Memory Corruption Vulnerability

CVE-2017-0030

@j00sean

MS17-014

Microsoft Office Memory Corruption Vulnerability

CVE-2017-0031

@j00sean

MS17-014

Microsoft Office Memory Corruption Vulnerability

CVE-2017-0052

Yangkang & Liyadong & Wanglu of Qihoo 360 Qex Team

MS17-014

Microsoft Office Memory Corruption Vulnerability

CVE-2017-0053

Haifei Li of Intel Security

MS17-014

Microsoft Office Information Disclosure Vulnerability

CVE-2017-0105

Fortinet’s FortiGuard Labs

MS17-014

Microsoft SharePoint XSS Vulnerability

CVE-2017-0107

Cheah Khai Ee, (@MercurialSec)

MS17-014

Microsoft Lync for Mac Certificate Validation Vulnerability

CVE-2017-0129

Jerry Decime, Hewlett Packard Enterprise

MS17-014

Defense-in-depth

-----------------

@j00sean

MS17-013

Windows GDI Elevation of Privilege Vulnerability

CVE-2017-0001

Peter Hlavaty (@zer0mem), KeenLab, Tencent

MS17-013

Windows GDI Elevation of Privilege Vulnerability

CVE-2017-0005

Lockheed Martin Computer Incident Response Team

MS17-013

Windows Graphics Component Remote Code Execution Vulnerability

CVE-2017-0014

Hossein Lotfi, Secunia Research at Flexera Software

MS17-013

Windows GDI Elevation of Privilege Vulnerability

CVE-2017-0025

Lokihart working with POC/PwnFest

MS17-013

Windows Graphics Component Information Disclosure Vulnerability

CVE-2017-0038

Mateusz Jurczyk of Google Project Zero

MS17-013

Windows GDI Elevation of Privilege Vulnerability

CVE-2017-0047

bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)

MS17-013

GDI+ Information Disclosure vulnerability

CVE-2017-0060

Mateusz Jurczyk of Google Project Zero

MS17-013

Microsoft Color Management Information Disclosure vulnerability

CVE-2017-0061

Mateusz Jurczyk of Google Project Zero

MS17-013

GDI+ Information Disclosure Vulnerability

CVE-2017-0062

Mateusz Jurczyk of Google Project Zero

MS17-013

Microsoft Color Management Information Disclosure vulnerability

CVE-2017-0063

Mateusz Jurczyk of Google Project Zero

MS17-013

Windows GDI+ Information Disclosure Vulnerability

CVE-2017-0073

Symeon Paraschoudis of SensePost

MS17-013

Graphics Component Remote Code Execution Vulnerability

CVE-2017-0108

Mateusz Jurczyk of Google Project Zero

MS17-012

Device Guard Security Feature Bypass Vulnerability

CVE-2017-0007

Matt Nelson (@enigma0x3)

MS17-012

Windows DLL Loading Remote Code Execution Vulnerability

CVE-2017-0039

lywang of Tencent’s Xuanwu LAB

MS17-012

Windows DNS Query Information Disclosure Vulnerability

CVE-2017-0057

Martin Knafve - http://martinknafve.com/

MS17-012

Windows COM Elevation of Privilege Vulnerability

CVE-2017-0100

James Forshaw of Google Project Zero

MS17-012

iSNS Server Memory Corruption Vulnerability

CVE-2017-0104

Fortinet’s FortiGuard Labs

MS17-011

Uniscribe Remote Code Execution Vulnerability

CVE-2017-0072

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Remote Code Execution Vulnerability

CVE-2017-0083

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Remote Code Execution Vulnerability

CVE-2017-0084

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0085

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Remote Code Execution Vulnerability

CVE-2017-0086

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Remote Code Execution Vulnerability

CVE-2017-0087

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Remote Code Execution Vulnerability

CVE-2017-0088

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Remote Code Execution Vulnerability

CVE-2017-0089

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Remote Code Execution Vulnerability

CVE-2017-0090

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0091

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0092

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0111

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0112

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0113

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0114

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0115

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0116

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0117

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0118

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0119

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0120

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0121

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0122

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0123

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0124

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0125

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0126

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0127

Mateusz Jurczyk of Google Project Zero

MS17-011

Uniscribe Information Disclosure Vulnerability

CVE-2017-0128

Mateusz Jurczyk of Google Project Zero

MS17-009

Microsoft PDF Memory Corruption Vulnerability

CVE-2017-0023

Henry Li (zenhumany) of Trend Micro

MS17-008

Hyper-V vSMB Remote Code Execution Vulnerability

CVE-2017-0021

Saruhan Karademir

MS17-008

Hyper-V vSMB Remote Code Execution Vulnerability

CVE-2017-0021

Jordan Rabet, Microsoft Offensive Security Research Team

MS17-008

Microsoft Hyper-V Network Switch Denial of Service Vulnerability

CVE-2017-0051

Peter Hlavaty (@zer0mem), KeenLab, Tencent

MS17-008

Hyper-V Denial of Service Vulnerability

CVE-2017-0074

Alexander Malysh, Microsoft Network Virtualization Team

MS17-008

Hyper-V Denial of Service Vulnerability

CVE-2017-0074

Sumit Dhoble, Microsoft Network Virtualization Team

MS17-008

Hyper-V Remote Code Execution Vulnerability

CVE-2017-0075

Jordan Rabet, Microsoft Offensive Security Research Team

MS17-008

Hyper-V Denial of Service Vulnerability

CVE-2017-0076

Joe Bialek, MSRC Vulnerabilities and Mitigations Team

MS17-008

Hyper-V vSMB Remote Code Execution Vulnerability

CVE-2017-0095

Jonathan Bar Or, Windows Defender ATP Research Team

MS17-008

Hyper-V Information Disclosure Vulnerability

CVE-2017-0096

Jordan Rabet, Microsoft Offensive Security Research Team

MS17-008

Hyper-V Denial of Service Vulnerability

CVE-2017-0097

MSRC Vulnerabilities and Mitigations Team

MS17-008

Hyper-V Denial of Service Vulnerability

CVE-2017-0097

Lakewood Communications

MS17-008

Hyper-V Denial of Service Vulnerability

CVE-2017-0099

Jordan Rabet, Microsoft Offensive Security Research Team

MS17-008

Hyper-V Remote Code Execution Vulnerability

CVE-2017-0109

MSRC Vulnerabilities and Mitigations Team

MS17-008

Defense-in-depth

-----------------

Yanhui Zhao, Ke Sun of Intel SeCoE
Ya Ou, Xiaomin Song, Xiaoning Li of Intel Labs

MS17-007

Microsoft Browser Information Disclosure Vulnerability

CVE-2017-0009

Scott Bell of Security-Assessment.com

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0010

Zhang Hanming of Qihoo 360 Vulcan Team

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0010

Dhanesh Kizhakkinan of FireEye Inc

MS17-007

Microsoft Edge Information Disclosure Vulnerability

CVE-2017-0011

Suto, working with Trend Micro’s Zero Day Initiative (ZDI)

MS17-007

Microsoft Browser Spoofing Vulnerability

CVE-2017-0012

Zhang Lin, http://xsseng.com

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0015

Lokihart working with POC/PwnFest

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0015

Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI)

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0015

Qixun Zhao of Qihoo 360 Skyeye Labs

MS17-007

Microsoft Edge Information Disclosure Vulnerability

CVE-2017-0017

Masato Kinugawa of Cure53

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0032

Hao Linan of Qihoo 360 Vulcan Team

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0032

Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI)

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0032

Qixun Zhao of Qihoo 360 Skyeye Labs

MS17-007

Microsoft Edge Memory Corruption Vulnerability

CVE-2017-0034

Zhong Zhaochen (@asnine) of Neusoft

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0035

Dhanesh Kizhakkinan of FireEye Inc

MS17-007

Microsoft Browser Memory Corruption Vulnerability

CVE-2017-0037

Ivan Fratric working with Google Project Zero

MS17-007

Microsoft Browser Information Disclosure Vulnerability

CVE-2017-0065

Henri Aho - https://www.linkedin.com/in/henri-aho-497abab6/

MS17-007

Microsoft Browser Security Feature Bypass Vulnerability

CVE-2017-0066

Jun Kokatsu (@shhnjk)

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0067

Dhanesh Kizhakkinan of FireEye Inc

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0067

Gary Kwong

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0067

bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0067

Henry Li (zenhumany) of Trend Micro

MS17-007

Microsoft Browser Information Disclosure Vulnerability

CVE-2017-0068

Jun Kokatsu (@shhnjk)

MS17-007

Microsoft Edge Spoofing Vulnerability

CVE-2017-0069

Jun Kokatsu (@shhnjk)

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0070

Lokihart of Google Project Zero

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0071

Lokihart of Google Project Zero

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0094

bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)

MS17-007

Microsoft Edge Memory Corruption Vulnerability

CVE-2017-0131

Dhanesh Kizhakkinan of FireEye Inc

MS17-007

Microsoft Edge Memory Corruption Vulnerability

CVE-2017-0132

Microsoft Chakra Core Team

MS17-007

Scripting Engine Memory Corruption Vulnerabilty

CVE-2017-0133

Dhanesh Kizhakkinan of FireEye Inc

MS17-007

Microsoft Edge Security Feature Bypass

CVE-2017-0134

Jordan Rabet, Microsoft Offensive Security Research Team

MS17-007

Microsoft Edge Security Feature Bypass

CVE-2017-0135

Xiaoyin Liu (@general_nfs)

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0136

Michael Holman, Microsoft Chakra Core Team

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0137

Nicolas Joly of MSRCE UK

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0138

Scott Bell of Security-Assessment.com

MS17-007

Microsoft Edge Security Feature Bypass

CVE-2017-0140

Yorick Koster of Securify B.V.

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0141

Semmle Inc

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0150

Microsoft ChakraCore Team

MS17-007

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0151

Microsoft ChakraCore Team

MS17-006

Microsoft Browser Information Disclosure Vulnerability

CVE-2017-0009

Scott Bell of Security-Assessment.com

MS17-006

Internet Explorer Memory Corruption Vulnerability

CVE-2017-0018

Kai Song exp-sky of Tencent's Xuanwu Lab, working with Trend Micro's Zero Day Initiative (ZDI)

MS17-006

Microsoft Browser Memory Corruption Vulnerability

CVE-2017-0037

Ivan Fratric working with Google Project Zero

MS17-006

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0040

Scott Bell of Security-Assessment.com

MS17-006

Scripting Engine Information Disclosure Vulnerability

CVE-2017-0049

Scott Bell of Security-Assessment.com

MS17-006

Internet Explorer Information Disclosure Vulnerability

CVE-2017-0059

Ivan Fratric of Google Project Zero

MS17-006

Scripting Engine Memory Corruption Vulnerability

CVE-2017-0130

Scott Bell of Security-Assessment.com

January 2017

MS17-004

Local Security Authority Subsystem Service Denial of Service Vulnerability

CVE-2017-0004

Nicolás Economou of Core Security

MS17-004

Local Security Authority Subsystem Service Denial of Service Vulnerability

CVE-2017-0004

Laurent Gaffie

MS17-002

Microsoft Office Memory Corruption Vulnerability

CVE-2017-0003

Tony Loi of Fortinet’s FortiGuard Labs

3109853

Defense-in-depth

-----------------

Thanks to Aaron Coleman, Fitabase, for assistance in identifying the issue.


Show: