Microsoft Security Advisories

Microsoft Security Advisories, a supplement to the Microsoft Security Bulletins, address security changes that may not require a security bulletin but that may still affect customers' overall security.

Microsoft Security Advisories are a way for Microsoft to communicate security information to customers about issues that may not be classified as vulnerabilities and may not require a security bulletin. Each advisory is accompanied by a unique Microsoft Knowledge Base Article number for reference to provide additional information about the changes.

Some examples of topics that security advisories discuss include the following:

  • "Defense in Depth" security enhancements or changes that are unrelated to security vulnerabilities
  • Guidance and mitigations that may be applicable for publicly disclosed vulnerabilities

Microsoft is committed to providing timely and prescriptive guidance. We encourage customers to provide feedback by completing the form at the Customer Service Contact Us page.

Frequently Asked Questions

Q. What kind of information will security advisories contain?

A. Security advisories contain a top-level summary that details the reason for issuing the advisory, frequently asked questions and suggested actions. Once issued, advisories may be revised as required to reflect new information or guidance.

Q. How are security advisories different from security bulletins?

A. Microsoft Security Bulletins provide information and guidance about updates that are available to address software vulnerabilities that may exist in Microsoft products. With each security bulletin that is released, there is an associated software update available for the affected product. Microsoft Security Advisories are meant to give customers detailed information and guidance on a variety of security-related issues that may not be specifically tied to a software update. For example, an advisory may detail Microsoft software updates that might not address a security vulnerability in the software, but that may introduce changes to the behavior of the product or that introduce new functionality designed to help protect customers from attack.

Q. Could a security advisory become a security bulletin?

A. In cases where we have issued a security advisory to provide guidance on a publicly disclosed vulnerability, once an update has been developed to address that software vulnerability, we may update the security advisory to reflect the availability of the security bulletin and point customers to that security bulletin for more information.

Q. Will every security advisory become a security bulletin?

A. No. A security advisory may be updated to point to a security bulletin in cases where a security update has been released to address a vulnerability described in the security advisory.

Q. Will customers be able to sign up for email or RSS notification about new security advisories?

A. Yes. A Security Advisory RSS Feed is now available. To receive automatic e-mail notifications whenever a security advisory is issued or updated, subscribe to the Microsoft Security Notification Service: Comprehensive Edition.

Q. How frequently are you going to update the security advisories after they have been issued?

A. Security advisories may be updated any time we have new information that assists customers and helps protect them from security threats. During the early stages of a security update, a security advisory might go through several revisions as our investigation continues and additional guidance is provided. If a security advisory results in a security bulletin, the advisory may be updated to reflect the availability of the bulletin and its associated security update.

Q. How much time after a public report can we expect to see an advisory?

A. Security advisories are designed to provide timely information to all Microsoft customers. To that end, we may provide a security advisory within one business day of being notified of an issue that we believe is best communicated using an advisory.

Q. Why doesn’t the Advance Notification (ANS) include information about security advisories?

A. Since it is our goal to issue security advisories as soon as possible after learning that customers are affected by a security incident or issue, advance notice via the monthly ANS is not practical for timing reasons.

Q. How will customers know when there is a call to action associated with these security advisories?

A. There is a Suggested Actions section in each advisory to detail any action that users may have to take to help protect themselves.

Disclaimer: The information provided in this document is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

All Published or Updated Security Advisories

Date Advisory Number Advisory Description
4/8/2014 2755801 Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)
4/8/2014 2953095 Microsoft Security Advisory (2953095): Vulnerability in Microsoft Word Could Allow Remote Code Execution (2953095)
3/11/2014 2934088 Microsoft Security Advisory (2934088): Vulnerability in Internet Explorer Could Allow Remote Code Execution
2/28/2014 2862152 Vulnerability in DirectAccess and IPsec Could Allow Security Feature Bypass
2/27/2014 2871690 Update to Revoke Non-compliant UEFI Modules
2/11/2014 2915720 Changes in Windows Authenticode Signature Verification
2/11/2014 2862973 Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
1/15/2014 2916652 Improperly Issued Digital Certificates Could Allow Spoofing
1/14/2014 2914486 Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege
12/10/2013 2896666 Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
12/10/2013 2905247 Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege
11/12/2013 2880823 Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program
11/12/2013 2854544 Updates to Improve Cryptography and Digital Certificate Handling in Windows
11/12/2013 2868725 Update for Disabling RC4
10/8/2013 2887505 Vulnerability in Internet Explorer Could Allow Remote Code Execution
8/13/2013 2861855 Updates to Improve Remote Desktop Protocol Network-level Authentication
8/4/2013 2876146 Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure
7/3/2013 2719662 Vulnerabilities in Gadgets Could Allow Remote Code Execution
5/14/2013 2820197 Update Rollup for ActiveX Kill Bits
5/14/2013 2846338 Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution
5/14/2013 2847140 Vulnerability in Internet Explorer Could Allow Remote Code Execution
3/26/2013 2819682 Security Updates for Microsoft Windows Store Applications
1/14/2013 2794220 Vulnerability in Internet Explorer Could Allow Remote Code Execution
1/14/2013 2798897 Fraudulent Digital Certificates Could Allow Spoofing
1/8/2013 973811 Extended Protection for Authentication
12/11/2012 2749655 Compatibility Issues Affecting Signed Microsoft Binaries
11/13/2012 2269637 Insecure Library Loading Could Allow Remote Code Execution
10/9/2012 2737111 Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
10/9/2012 2661254 Update For Minimum Certificate Key Length
9/21/2012 2757760 Vulnerability in Internet Explorer Could Allow Remote Code Execution
9/11/2012 2736233 Update Rollup for ActiveX Kill Bits
9/5/2012 2728973 Unauthorized Digital Certificates Could Allow Spoofing
8/20/2012 2743314 Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure
7/10/2012 2719615 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
6/13/2012 2718704 Unauthorized Digital Certificates Could Allow Spoofing
5/8/2012 2695962 Update Rollup for ActiveX Kill Bits
3/13/2012 2647518 Update Rollup for ActiveX Kill Bits
1/19/2012 2641690 Fraudulent Digital Certificates Could Allow Spoofing
1/10/2012 2588513 Vulnerability in SSL/TLS Could Allow Information Disclosure
12/29/2011 2659883 Vulnerability in ASP.NET Could Allow Denial of Service
12/13/2011 2639658 Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
9/19/2011 2607712 Fraudulent Digital Certificates Could Allow Spoofing
8/9/2011 2562937 Update Rollup for ActiveX Kill Bits
7/6/2011 2524375 Fraudulent Digital Certificates Could Allow Spoofing
6/30/2011 2501584 Release of Microsoft Office File Validation for Microsoft Office
4/12/2011 2501696 Vulnerability in MHTML Could Allow Information Disclosure
4/12/2011 2506014 Update for the Windows Operating System Loader
3/8/2011 2491888 Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege
2/22/2011 967940 Update for Windows Autorun
2/8/2011 2488013 Vulnerability in Internet Explorer Could Allow Remote Code Execution
2/8/2011 2490606 Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
12/14/2010 2458511 Vulnerability in Internet Explorer Could Allow Remote Code Execution
9/28/2010 2416728 Vulnerability in ASP.NET Could Allow Information Disclosure
9/14/2010 2401593 Vulnerability in Outlook Web Access Could Allow Elevation of Privilege
8/10/2010 977377 Vulnerability in TLS/SSL Could Allow Spoofing
8/10/2010 2264072 Elevation of Privilege Using Windows Service Isolation Bypass
8/2/2010 2286198 Vulnerability in Windows Shell Could Allow Remote Code Execution
7/13/2010 2219475 Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution
7/13/2010 2028859 Vulnerability in Canonical Display Driver Could Allow Remote Code Execution
6/9/2010 980088 Vulnerability in Internet Explorer Could Allow Information Disclosure
6/8/2010 983438 Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege
4/13/2010 981169 Vulnerability in VBScript Could Allow Remote Code Execution
4/13/2010 977544 Vulnerability in SMB Could Allow Denial of Service
3/30/2010 981374 Vulnerability in Internet Explorer Could Allow Remote Code Execution
2/9/2010 979682 Vulnerability in Windows Kernel Could Allow Elevation of Privilege
1/21/2010 979352 Vulnerability in Internet Explorer Could Allow Remote Code Execution
1/12/2010 979267 Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP Could Allow Remote Code Execution
12/8/2009 954157 Security Enhancements for the Indeo Codec
12/8/2009 974926 Credential Relaying Attacks on Integrated Windows Authentication
12/8/2009 977981 Vulnerability in Internet Explorer Could Allow Remote Code Execution
10/13/2009 975191 Vulnerabilities in the FTP Service in Internet Information Services
10/13/2009 973882 Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
10/13/2009 975497 Vulnerabilities in SMB Could Allow Remote Code Execution
8/11/2009 973472 Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
7/14/2009 971778 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
7/14/2009 972890 Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution
6/17/2009 956391 Update Rollup for ActiveX Kill Bits
6/17/2009 960715 Update Rollup for ActiveX Kill Bits
6/17/2009 969898 Update Rollup for ActiveX Kill Bits
6/9/2009 971888 Update for DNS Devolution
6/9/2009 945713 Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure
6/9/2009 971492 Vulnerability in Internet Information Services Could Allow Elevation of Privilege
5/12/2009 969136 Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution
4/14/2009 951306 Vulnerability in Windows Could Allow Elevation of Privilege
4/14/2009 953818 Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform
4/14/2009 968272 Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution
4/14/2009 960906 Vulnerability in WordPad Text Converter Could Allow Remote Code Execution
3/11/2009 953839 Update Rollup for ActiveX Kill Bits
2/10/2009 961040 Vulnerability in SQL Server Could Allow Remote Code Execution
12/30/2008 961509 Research proves feasibility of collision attacks against MD5
12/17/2008 961051 Vulnerability in Internet Explorer Could Allow Remote Code Execution
10/27/2008 958963 Exploit Code Published Affecting the Server Service
8/12/2008 953252 AutoRun Enforcement in Windows
8/12/2008 954960 Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates
8/12/2008 955179 Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
8/12/2008 953635 Vulnerability in Microsoft Word Could Allow Remote Code Execution
7/25/2008 956187 Increased Threat for DNS Spoofing Vulnerability
6/25/2008 954462 Rise in SQL Injection Attacks Exploiting Unverified User Data Input
6/17/2008 954474 System Center Configuration Manager 2007 Blocked from Deploying Security Updates
5/13/2008 950627 Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution
4/23/2008 932596 Update to Improve Kernel Patch Protection
3/12/2008 947563 Vulnerability in Microsoft Excel Could Allow Remote Code Execution
1/8/2008 943411 Update to Improve Windows Sidebar Protection
12/11/2007 944653 Vulnerability in Macrovision SECDRV.SYS Driver on Windows Could Allow Elevation of Privilege
11/13/2007 943521 URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution
5/24/2007 927891 Update for Windows Installer (MSI)
5/21/2007 937696 Release of Microsoft Office Isolated Conversion Environment (MOICE) and File Block Functionality for Microsoft Office
5/9/2007 933052 Vulnerability in Microsoft Word Could Allow Remote Code Execution
5/8/2007 935964 Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution
4/3/2007 935423 Vulnerability in Windows Animated Cursor Handling
2/13/2007 932553 Vulnerability in Microsoft Office Could Allow Remote Code Execution
2/13/2007 932114 Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution
2/13/2007 929433 Vulnerability in Microsoft Word Could Allow Remote Code Execution
12/12/2006 927709 Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution
11/16/2006 928604 Exploit Code Published Affecting the Windows Client Server Run-Time Subsystem
11/14/2006 925444 Vulnerability in the Microsoft DirectAnimation Path ActiveX Control Could Allow Remote Code Execution
11/14/2006 925143 Adobe Security Bulletin: APSB06-11 Flash Player Update to Address Security Vulnerabilities
11/14/2006 927892 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
10/17/2006 917021 Description of the Wi-Fi Protected Access 2 support for Wireless Group Policy in Windows XP Service Pack 2
10/10/2006 926043 Vulnerability in Windows Shell Could Allow Remote Code Execution
10/10/2006 925059 Vulnerability in Word Could Allow Remote Code Execution
10/10/2006 925984 Vulnerability in PowerPoint Could Allow Remote Code Execution
9/26/2006 925568 Vulnerability in Vector Markup Language Could Allow Remote Code Execution
9/12/2006 922582 Update for Windows
8/24/2006 923762 Microsoft Security Advisory (923762): Long URLs to sites using HTTP 1.1 and compression Could Cause Internet Explorer 6 Service Pack 1 to Unexpectedly Exit
8/13/2006 922437 Exploit Code Published Affecting the Server Service
8/11/2006 922970 Vulnerability in PowerPoint Could Allow Remote Code Execution
7/11/2006 921365 Vulnerability in Excel Could Allow Remote Code Execution
6/23/2006 921923 Proof of Concept Code Published Affecting the Remote Access Connection Manager Service
6/13/2006 919637 Vulnerability in Word Could Allow Remote Code Execution
6/13/2006 912945 Non-Security Update for Internet Explorer
6/13/2006 914784 Update to Improve Kernel Patch Protection
5/11/2006 910550 Macromedia Security Bulletin: MPSB05-07 Flash Player 7 Improper Memory Access Vulnerability
5/11/2006 916208 Adobe Security Bulletin: APSB06-03 Flash Player Update to Address Security Vulnerabilities
4/11/2006 917077 Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution
3/14/2006 914457 Vulnerability in Windows Service ACLs
2/21/2006 906267 A COM Object (Msdds.dll) Could Cause Internet Explorer to Unexpectedly Exit
2/14/2006 913333 Vulnerability in Internet Explorer Could Allow Remote Code Execution
2/1/2006 904420 Win32/Mywife.E@mm
1/5/2006 912840 Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.
1/3/2006 912920 Systems that are infected with Win32/Sober.Z@mm may download and run malicious files from certain Web domains beginning on January 6, 2006
12/13/2005 911302 Vulnerability in the way Internet Explorer Handles Mismatched Document Object Model Objects Could Allow Remote Code Execution.
11/18/2005 911052 Memory Allocation Denial of Service Via RPC
10/14/2005 909444 Various Issues After Installing Microsoft Security Bulletin MS05-051 on Systems That Have Non-default File Permissions
8/31/2005 897663 Windows Firewall Exception May Not Display in the User Interface
8/23/2005 906574 Clarification of Simple File Sharing and ForceGuest
8/17/2005 899588 Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege
8/9/2005 904797 Vulnerability in Remote Desktop Protocol (RDP) Could Lead to Denial of Service
7/12/2005 903144 A COM Object (Javaprxy.dll) Could Cause Internet Explorer to Unexpectedly Exit
6/28/2005 891861 Release of Update Rollup 1 for Windows 2000 Service Pack 4 (SP4)
6/21/2005 902333 Browser Windows Without Indications of Their Origins may be Used in Phishing Attempts
5/18/2005 899480 Vulnerability in TCP Could Allow Connection Reset
5/10/2005 842851 Clarification Of The SMTP Tar Pit Feature That Is Provided For Exchange Server 2003 in Windows Server 2003 Service Pack 1
5/10/2005 892313 Default Setting in Windows Media Player Digital Rights Management Could Allow a User to Open a Web Page Without Requesting Permission