Acknowledgments – 2015

Microsoft extends thanks to the following for working with us to help protect customers.

**Bulletin ID** **Vulnerability Title** **CVE ID** **Acknowledgment**
**December 2015**
[MS15-135](http://go.microsoft.com/fwlink/?linkid=708239) Windows Kernel Memory Elevation of Privilege Vulnerability [CVE-2015-6171](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6171) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-135](http://go.microsoft.com/fwlink/?linkid=708239) Windows Kernel Memory Elevation of Privilege Vulnerability [CVE-2015-6173](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6173) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-135](http://go.microsoft.com/fwlink/?linkid=708239) Windows Kernel Memory Elevation of Privilege Vulnerability [CVE-2015-6174](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6174) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-135](http://go.microsoft.com/fwlink/?linkid=708239) Windows Kernel Memory Elevation of Privilege Vulnerability [CVE-2015-6175](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6175) ChenDong Li of [Tencent](http://tencent.com/)
[MS15-134](http://go.microsoft.com/fwlink/?linkid=699419) Windows Media Center Information Disclosure Vulnerability [CVE-2015-6127](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6127) Francisco Falcon of [Core Security](http://www.coresecurity.com/advisories/microsoft-windows-media-center-link-file-incorrectly-resolved-reference)
[MS15-134](http://go.microsoft.com/fwlink/?linkid=699419) Media Center Library Parsing RCE Vulnerability [CVE-2015-6131](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6131) Zhang YunHai of [NSFOCUS Security Team](http://www.nsfocus.com/)
[MS15-134](http://go.microsoft.com/fwlink/?linkid=699419) Windows Library Loading Remote Code Execution Vulnerability [CVE-2015-6128](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6128) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-134](http://go.microsoft.com/fwlink/?linkid=699419) Windows Library Loading Remote Code Execution Vulnerability [CVE-2015-6128](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6128) Parvez Anwar
[MS15-132](http://go.microsoft.com/fwlink/?linkid=699415) Windows Library Loading Remote Code Execution Vulnerability [CVE-2015-6132](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6132) Yorick Koster of Securify B.V.
[MS15-132](http://go.microsoft.com/fwlink/?linkid=699415) Windows Library Loading Remote Code Execution Vulnerability [CVE-2015-6132](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6132) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-131](http://go.microsoft.com/fwlink/?linkid=699410) Microsoft Office Memory Corruption Vulnerability [CVE-2015-6040](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6040) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-131](http://go.microsoft.com/fwlink/?linkid=699410) Microsoft Office Memory Corruption Vulnerability [CVE-2015-6118](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6118) Kai Lu of Fortinet's FortiGuard Labs
[MS15-131](http://go.microsoft.com/fwlink/?linkid=699410) Microsoft Office Memory Corruption Vulnerability [CVE-2015-6122](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6122) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-131](http://go.microsoft.com/fwlink/?linkid=699410) Microsoft Office RCE Vulnerability [CVE-2015-6172](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6172) Haifei Li
[MS15-131](http://go.microsoft.com/fwlink/?linkid=699410) Microsoft Office Memory Corruption Vulnerability [CVE-2015-6177](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6177) Kai Lu of Fortinet's FortiGuard Labs
[MS15-130](http://go.microsoft.com/fwlink/?linkid=699420) Windows Integer Underflow Vulnerability [CVE-2015-6130](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6130) Hossein Lotfi, [Secunia Research](http://secunia.com/) (now part of Flexera Software)
[MS15-129](http://go.microsoft.com/fwlink/?linkid=691214) Microsoft Silverlight Information Disclosure Vulnerability [CVE-2015-6165](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6165) Marcin '[Icewal](http://www.icewall.pl/)l' Noga of Cisco Talos
[MS15-128](http://go.microsoft.com/fwlink/?linkid=690559) Graphics Memory Corruption Vulnerability [CVE-2015-6106](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6106) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-128](http://go.microsoft.com/fwlink/?linkid=690559) Graphics Memory Corruption Vulnerability [CVE-2015-6107](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6107) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-126](http://go.microsoft.com/fwlink/?linkid=699421) Scripting Engine Information Disclosure Vulnerability [CVE-2015-6135](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6135) Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-126](http://go.microsoft.com/fwlink/?linkid=699421) Scripting Engine Memory Corruption Vulnerability [CVE-2015-6136](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6136) Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-126](http://go.microsoft.com/fwlink/?linkid=699421) Scripting Engine Memory Corruption Vulnerability [CVE-2015-6136](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6136) An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-126](http://go.microsoft.com/fwlink/?linkid=699421) Scripting Engine Memory Corruption Vulnerability [CVE-2015-6136](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6136) Yuki Chen of Qihoo 360Vulcan Team
[MS15-126](http://go.microsoft.com/fwlink/?linkid=699421) Scripting Engine Memory Corruption Vulnerability [CVE-2015-6137](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6137) Anonymous contributor, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) Microsoft Browser Elevation of Privilege Vulnerability [CVE-2015-6139](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6139) Michal Bentkowski
[MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6140](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6140) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6142](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6142) Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6142](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6142) Zheng Huang of the [Baidu Scloud XTeam](http://xlab.baidu.com/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6148](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6148) A3F2160DCA1BDE70DA1D99ED267D5DC1EC336192, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6151](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6151) Li Kemeng of Baidu Security Team(x-Team) , working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) Microsoft Edge Memory Corruption Vulnerability [CVE-2015-6153](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6153) Shi Ji (@Puzzor) of [VARAS@IIE](http://www.iie.ac.cn/)
[MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6154](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6154) ChenDong Li and YunZe Ni of [Tencent](http://tencent.com/)
[MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6155](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6155) Zheng Huang of the [Baidu Scloud XTeam](http://xlab.baidu.com/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6158](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6158) Zheng Huang of the [Baidu Scloud XTeam](http://xlab.baidu.com/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6159](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6159) Zheng Huang of the [Baidu Scloud XTeam](http://xlab.baidu.com/)
[MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6159](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6159) Jason Kratzer, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) Microsoft Browser ASLR Bypass [CVE-2015-6161](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6161) Rh0
[MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) Microsoft Edge Memory Corruption Vulnerability [CVE-2015-6168](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6168) SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) Microsoft Edge Spoofing Vulnerability [CVE-2015-6169](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6169) [Stephan Brunner](https://stephan-brunner.net/)
[MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) Microsoft Edge Elevation of Privilege Vulnerability [CVE-2015-6170](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6170) Mario Heiderich of [Cure53](https://cure53.de/)
[MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) Microsoft Edge XSS Filter Bypass Vulnerability [CVE-2015-6176](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6176) Masato Kinugawa
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6083](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6083) Hui Gao of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6083](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6083) B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6134](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6134) SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Scripting Engine Information Disclosure Vulnerability [CVE-2015-6135](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6135) Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Scripting Engine Information Disclosure Vulnerability [CVE-2015-6136](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6136) Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Microsoft Browser Elevation of Privilege Vulnerability [CVE-2015-6139](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6139) Michal Bentkowski
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6140](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6140) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6141](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6141) B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6142](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6142) Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Microsoft Browser XSS Filter Bypass Vulnerability [CVE-2015-6144](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6144) Masato Kinugawa
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Microsoft Browser XSS Filter Bypass Vulnerability [CVE-2015-6144](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6144) [Filedescriptor](https://twitter.com/filedescriptor)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6145](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6145) Cong Zhang and Yi Jiang, working with [Beijing VRV Software Co., LTD.](http://www.vrv.com.cn/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6146](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6146) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6147](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6147) B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6148](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6148) A3F2160DCA1BDE70DA1D99ED267D5DC1EC336192, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6149](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6149) B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6150](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6150) B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6151](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6151) Li Kemeng of Baidu Security Team(x-Team) , working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6152](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6152) Moritz Jodeit of [Blue Frost Security](https://www.bluefrostsecurity.de/en/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6153](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6153) Shi Ji (@Puzzor) of [VARAS@IIE](http://www.iie.ac.cn/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6154](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6154) ChenDong Li and YunZe Ni of [Tencent](http://tencent.com/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6155](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6155) Zheng Huang of the [Baidu Scloud XTeam](http://xlab.baidu.com/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6156](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6156) Anonymous contributor, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6157](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6157) Zheng Huang of the [Baidu Scloud XTeam](http://xlab.baidu.com/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6158](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6158) Zheng Huang of the [Baidu Scloud XTeam](http://xlab.baidu.com/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6159](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6159) Zheng Huang of the [Baidu Scloud XTeam](http://xlab.baidu.com/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6159](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6159) Jason Kratzer, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6160](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6160) Garage4Hackers, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Internet Explorer ASLR Bypass [CVE-2015-6161](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6161) Rh0
[MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6162](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6162) Wenxiang Qian of [Tencent](http://tencent.com/)[QQBrowser](http://browser.qq.com/)
**November 2015**
[MS15-123](http://go.microsoft.com/fwlink/?linkid=691035) Server Input Validation Information Disclosure Vulnerability [CVE-2015-6061](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6061) Fatih Ozavci - [Sense of Security](http://www.senseofsecurity.com.au/)
[MS15-122](http://go.microsoft.com/fwlink/?linkid=690720) Windows Kerberos Security Feature Bypass [CVE-2015-6095](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6095) Ian Haken of Synopsys Inc.
[MS15-119](http://go.microsoft.com/fwlink/?linkid=690588) Winsock Elevation of Privilege Vulnerability [CVE-2015-2478](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2478) Alex Ionescu of [Winsider Seminars & Solutions Inc.](http://www.alex-ionescu.com/)
[MS15-119](http://go.microsoft.com/fwlink/?linkid=690588) Winsock Elevation of Privilege Vulnerability [CVE-2015-2478](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2478) Thomas Faber, of [CrowdStrike Inc.](http://www.crowdstrike.com/)
[MS15-118](http://go.microsoft.com/fwlink/?linkid=690565) .NET Elevation of Privilege Vulnerability [CVE-2015-6099](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6099) John Page aka [hyp3rlinx](http://hyp3rlinx.altervista.org/)
[MS15-117](http://go.microsoft.com/fwlink/?linkid=690723) Windows NDIS Elevation of Privilege Vulnerability [CVE-2015-6098](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6098) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-116](http://go.microsoft.com/fwlink/?linkid=690594) Microsoft Office Memory Corruption Vulnerability [CVE-2015-6038](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6038) Steven Seeley of [Source Incite](http://srcincite.io/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-116](http://go.microsoft.com/fwlink/?linkid=690594) Microsoft Office Memory Corruption Vulnerability [CVE-2015-6091](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6091) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-116](http://go.microsoft.com/fwlink/?linkid=690594) Microsoft Office Memory Corruption Vulnerability [CVE-2015-6092](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6092) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-116](http://go.microsoft.com/fwlink/?linkid=690594) Microsoft Office Memory Corruption Vulnerability [CVE-2015-6093](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6093) SignalSEC Research, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-116](http://go.microsoft.com/fwlink/?linkid=690594) Microsoft Office Memory Corruption Vulnerability [CVE-2015-6094](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6094) Steven Seeley of [Source Incite](http://srcincite.io/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-116](http://go.microsoft.com/fwlink/?linkid=690594) Microsoft Outlook for Mac Spoofing Vulnerability [CVE-2015-6123](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6123) Mark Robbins [Rebelmail](http://rebelmail.com/)
[MS15-115](http://go.microsoft.com/fwlink/?linkid=691032) Windows Kernel Memory Elevation of Privilege Vulnerability [CVE-2015-6100](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6100) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-115](http://go.microsoft.com/fwlink/?linkid=691032) Windows Kernel Memory Elevation of Privilege Vulnerability [CVE-2015-6101](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6101) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-115](http://go.microsoft.com/fwlink/?linkid=691032) Windows Kernel Memory Information Disclosure Vulnerability [CVE-2015-6102](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6102) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-115](http://go.microsoft.com/fwlink/?linkid=691032) Windows Graphics Memory Remote Code Execution Vulnerability [CVE-2015-6103](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6103) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-115](http://go.microsoft.com/fwlink/?linkid=691032) Windows Graphics Memory Remote Code Execution Vulnerability [CVE-2015-6104](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6104) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-115](http://go.microsoft.com/fwlink/?linkid=691032) Windows Kernel Security Feature Bypass Vulnerability [CVE-2015-6113](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6113) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS15-114](http://go.microsoft.com/fwlink/?linkid=690570) Windows Journal Heap Overflow Vulnerability [CVE-2015-6097](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6097) Jason Kratzer, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-113](http://go.microsoft.com/fwlink/?linkid=690585) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6064](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6064) Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-113](http://go.microsoft.com/fwlink/?linkid=690585) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6073](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6073) Kai Kang of [Tencent's Xuanwu LAB](http://www.tencent.com/)
[MS15-113](http://go.microsoft.com/fwlink/?linkid=690585) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6078](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6078) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-113](http://go.microsoft.com/fwlink/?linkid=690585) Microsoft Browser ASLR Bypass [CVE-2015-6088](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6088) JaeHun Jeong
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6064](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6064) Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6065](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6065) Jason Kratzer, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6065](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6065) B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6066](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6066) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6068](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6068) Zheng Huang of the [Baidu Scloud XTeam](http://anquan.baidu.com/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6069](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6069) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6070](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6070) Tongbo Luo of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6070](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6070) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6071](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6071) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6072](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6072) Kai Kang of [Tencent's Xuanwu LAB](http://www.tencent.com/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6073](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6073) Kai Kang of [Tencent's Xuanwu LAB](http://www.tencent.com/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6075](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6075) 0011, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6076](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6076) Anonymous, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6077](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6077) 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/), and Linan Hao of [Qihoo 360](http://www.360.cn/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6077](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6077) Linan Hao of [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Microsoft Browser Memory Corruption Vulnerability [CVE-2015-6078](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6078) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6079](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6079) Zheng Huang of the [Baidu Scloud XTeam](http://anquan.baidu.com/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6080](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6080) Zheng Huang of the [Baidu Scloud XTeam](http://anquan.baidu.com/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6081](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6081) B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6082](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6082) Zheng Huang of the [Baidu Scloud XTeam](http://anquan.baidu.com/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6084](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6084) Zheng Huang of the [Baidu Scloud XTeam](http://anquan.baidu.com/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6085](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6085) Jason Kratzer, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Information Disclosure Vulnerability [CVE-2015-6086](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6086) Ashfaq Ansari, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6087](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6087) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) Scripting Engine Memory Corruption Vulnerability [CVE-2015-6089](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6089) Yuki Chen of [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS15-099](http://go.microsoft.com/fwlink/?linkid=623627) Microsoft Office Malformed EPS File Vulnerability [CVE-2015-2545](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2545) Genwei Jiang of [FireEye, Inc.](http://www.fireeye.com/)
[SA3108638](https://technet.microsoft.com/library/security/3108638.aspx) N/A [CVE-2015-5307](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5307) Ben Serebrin of Google
**October 2015**
[MS15-111](http://go.microsoft.com/fwlink/?linkid=625080) Windows Kernel Memory Corruption Vulnerability [CVE-2015-2549](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2549) dbc282f4f2f7d2466fa0078bf8034d99
[MS15-111](http://go.microsoft.com/fwlink/?linkid=625080) Windows Elevation of Privilege Vulnerability [CVE-2015-2550](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2550) [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-111](http://go.microsoft.com/fwlink/?linkid=625080) Windows Mount Point Elevation of Privilege Vulnerability [CVE-2015-2553](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2553) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS15-111](http://go.microsoft.com/fwlink/?linkid=625080) Windows Object Reference Elevation of Privilege Vulnerability [CVE-2015-2554](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2554) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS15-110](http://go.microsoft.com/fwlink/?linkid=625092) Microsoft Office Memory Corruption Vulnerability [CVE-2015-2555](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2555) 3S Labs, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-110](http://go.microsoft.com/fwlink/?linkid=625092) Microsoft Sharepoint Information Disclosure Vulnerability [CVE-2015-2556](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2556) Jakub Palaczynski of ING Services Polska
[MS15-110](http://go.microsoft.com/fwlink/?linkid=625092) Microsoft Office Memory Corruption Vulnerabilties [CVE-2015-2557](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2557) kdot, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-110](http://go.microsoft.com/fwlink/?linkid=625092) Microsoft Office Memory Corruption Vulnerability [CVE-2015-2558](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2558) 3S Labs, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-109](http://go.microsoft.com/fwlink/?linkid=625078) Toolbar Use After Free Vulnerability [CVE-2015-2515](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2515) Heige (a.k.a. SuperHei) from [Knownsec 404 Security Team](http://www.knownsec.com/)
[MS15-109](http://go.microsoft.com/fwlink/?linkid=625078) Microsoft Tablet Input Band Use After Free Vulnerability [CVE-2015-2548](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2548) Heige (a.k.a. SuperHei) from [Knownsec 404 Security Team](http://www.knownsec.com/) and Hui Gao of Palo Alto Networks
[MS15-108](http://go.microsoft.com/fwlink/?linkid=623633) Scripting Engine Memory Corruption Vulnerability [CVE-2015-2482](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2482) Skylined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-108](http://go.microsoft.com/fwlink/?linkid=623633) VBScript and JScript ASLR Bypass [CVE-2015-6052](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6052) Bill Finlayson, [Vectra Networks](http://www.vectranetworks.com/)
[MS15-108](http://go.microsoft.com/fwlink/?linkid=623633) Scripting Engine Memory Corruption Vulnerability [CVE-2015-6055](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6055) Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-108](http://go.microsoft.com/fwlink/?linkid=623633) Scripting Engine Memory Corruption Vulnerability [CVE-2015-6055](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6055) An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-108](http://go.microsoft.com/fwlink/?linkid=623633) Scripting Engine Information Disclosure Vulnerability [CVE-2015-6059](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6059) Takeshi Terada of [Mitsui Bussan Secure Directions, Inc](http://www.mbsd.jp/).
[MS15-107](http://go.microsoft.com/fwlink/?linkid=625091) Microsoft Edge XSS Filter Bypass [CVE-2015-6058](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6058) Noriaki Iwasaki of [Cyber Defense Institute, Inc.](http://www.cyberdefense.jp/)
[MS15-107](http://go.microsoft.com/fwlink/?linkid=625091) Microsoft Edge XSS Filter Bypass [CVE-2015-6058](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6058) Masato Kinugawa, Individual
[MS15-107](http://go.microsoft.com/fwlink/?linkid=625091) Microsoft Edge Information Disclosure Vulnerability [CVE-2015-6057](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6057) Mario Heiderich of [Cure53](https://cure53.de/)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Scripting Engine Memory Corruption Vulnerability [CVE-2015-2482](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2482) Skylined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6042](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6042) Garage4Hackers, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Internet Explorer Elevation of Privilege Vulnerability [CVE-2015-6044](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6044) Jack Tang of [Trend Micro](http://www.trendmicro.com/)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6045](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6045) Zheng Huang of the [Baidu Scloud XTeam](http://anquan.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6045](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6045) Kai Kang of [Tencent's Xuanwu LAB](http://www.tencent.com/)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6046](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6046) Jason Kratzer, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Internet Explorer Elevation of Privilege Vulnerability [CVE-2015-6047](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6047) [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6048](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6048) Tongbo Luo of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6048](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6048) Hui Gao of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6048](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6048) Dhanesh Kizhakkinan of [FireEye, Inc.](https://www.fireeye.com/)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6049](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6049) Heige (a.k.a. SuperHei) from [Knownsec 404 Security Team](http://www.knownsec.com/)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Internet Explorer Memory Corruption Vulnerability [CVE-2015-6050](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6050) Zheng Huang of the [Baidu Scloud XTeam](http://anquan.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Internet Explorer Elevation of Privilege Vulnerability [CVE-2015-6051](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6051) [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) VBScript and JScript ASLR Bypass [CVE-2015-6052](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6052) Bill Finlayson, [Vectra Networks](http://www.vectranetworks.com/)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Internet Explorer Information Disclosure Vulnerability [CVE-2015-6053](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6053) CK, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Scripting Engine Memory Corruption Vulnerability [CVE-2015-6055](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6055) An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Scripting Engine Memory Corruption Vulnerability [CVE-2015-6056](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6056) Aakash Jain and Dhanesh Kizhakkinan of [FireEye, Inc.](http://www.fireeye.com/)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Scripting Engine Information Disclosure Vulnerability [CVE-2015-6059](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6059) Takeshi Terada of [Mitsui Bussan Secure Directions, Inc](http://www.mbsd.jp/).
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Scripting Engine Memory Corruption Vulnerability [CVE-2015-6184](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6184) Zheng Huang of the [Baidu Scloud XTeam](http://xlab.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) Defense-in-depth ------------------- Mario Heiderich of [Cure53](https://cure53.de/)
**September 2015**
[MS15-103](http://go.microsoft.com/fwlink/?linkid=623628) Exchange Information Disclosure Vulnerability [CVE-2015-2505](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2505) John Page of [hyp3rlinx](http://hyp3rlinx.altervista.org/)
[MS15-103](http://go.microsoft.com/fwlink/?linkid=623628) Exchange Spoofing Vulnerability [CVE-2015-2543](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2543) [Abdulrahman Alqabandi](http://twitter.com/qab)
[MS15-103](http://go.microsoft.com/fwlink/?linkid=623628) Exchange Spoofing Vulnerability [CVE-2015-2544](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2544) Justin Khoo of [FreshInbox](http://freshinbox.com/)
[MS15-102](http://go.microsoft.com/fwlink/?linkid=623626) Windows Task Management Elevation of Privilege Vulnerability [CVE-2015-2524](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2524) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS15-102](http://go.microsoft.com/fwlink/?linkid=623626) Windows Task File Deletion Elevation of Privilege Vulnerability [CVE-2015-2525](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2525) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS15-102](http://go.microsoft.com/fwlink/?linkid=623626) Windows Task Management Elevation of Privilege Vulnerability [CVE-2015-2528](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2528) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS15-101](http://go.microsoft.com/fwlink/?linkid=623575) .NET Elevation of Privilege Vulnerability [CVE-2015-2504](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2504) Yorick Koster of Securify B.V.
[MS15-101](http://go.microsoft.com/fwlink/?linkid=623575) MVC Denial of Service Vulnerability [CVE-2015-2526](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2526) Roberto Suggi Liverani of NCIA (NATO Communications and Information Agency)
[MS15-100](http://go.microsoft.com/fwlink/?linkid=623232) Windows Media Center RCE Vulnerability [CVE-2015-2509](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2509) Aaron Luo, Kenney Lu, and Ziv Chang of [TrendMicro](http://www.trendmicro.com/)
[MS15-099](http://go.microsoft.com/fwlink/?linkid=623627) Microsoft Office Memory Corruption Vulnerability [CVE-2015-2520](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2520) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-099](http://go.microsoft.com/fwlink/?linkid=623627) Microsoft Office Memory Corruption Vulnerability [CVE-2015-2521](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2521) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-099](http://go.microsoft.com/fwlink/?linkid=623627) Microsoft SharePoint XSS Spoofing Vulnerability [CVE-2015-2522](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2522) This vulnerability was discovered by Fortinet's FortiGuard Labs.
[MS15-099](http://go.microsoft.com/fwlink/?linkid=623627) Microsoft Office Memory Corruption Vulnerability [CVE-2015-2523](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2523) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-099](http://go.microsoft.com/fwlink/?linkid=623627) Microsoft Office Malformed EPS File Vulnerability [CVE-2015-2545](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2545) Genwei Jiang of [FireEye, Inc.](http://www.fireeye.com/)
[MS15-098](http://go.microsoft.com/fwlink/?linkid=623624) Windows Journal RCE Vulnerability [CVE-2015-2513](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2513) Phil Blankenship of [BeyondTrust Inc](http://www.beyondtrust.com/)
[MS15-098](http://go.microsoft.com/fwlink/?linkid=623624) Windows Journal DoS Vulnerability [CVE-2015-2514](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2514) Kai Lu of Fortinet's FortiGuard Labs
[MS15-098](http://go.microsoft.com/fwlink/?linkid=623624) Windows Journal DoS Vulnerability [CVE-2015-2516](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2516) Kai Lu of Fortinet's FortiGuard Labs
[MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) OpenType Font Parsing Vulnerability [CVE-2015-2506](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2506) Piotr Bania and Andrea Allievi of [Cisco Talos](http://www.talosintel.com/)
[MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) Font Driver Elevation of Privilege Vulnerability [CVE-2015-2507](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2507) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) Font Driver Elevation of Privilege Vulnerability [CVE-2015-2508](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2508) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) Graphics Component Buffer Overflow Vulnerability [CVE-2015-2510](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2510) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) Font Driver Elevation of Privilege Vulnerability [CVE-2015-2511](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2511) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) Font Driver Elevation of Privilege Vulnerability [CVE-2015-2512](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2512) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) Win32k Memory Corruption Elevation of Privilege Vulnerability [CVE-2015-2517](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2517) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) Win32k Memory Corruption Elevation of Privilege Vulnerability [CVE-2015-2518](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2518) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) Win32k Elevation of Privilege Vulnerability [CVE-2015-2527](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2527) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) Kernel ASLR Bypass Vulnerability [CVE-2015-2529](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2529) Matt Tait of [Google Project Zero](http://www.google.com/)
[MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) Win32k Memory Corruption Elevation of Privilege Vulnerability [CVE-2015-2546](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2546) Wang Yu of [FireEye, Inc.](http://www.fireeye.com/)
[MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) Defense-in-depth ------------------- lokihardt@ASRT, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-096](http://go.microsoft.com/fwlink/?linkid=623553) Active Directory Denial of Service Vulnerability [CVE-2015-2535](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2535) Andrew Bartlett of [Catalyst](http://www.catalyst.net.nz/) and the [Samba Team](http://www.samba.org/)
[MS15-095](http://go.microsoft.com/fwlink/?linkid=623632) Memory Corruption Vulnerability [CVE-2015-2485](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2485) 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-095](http://go.microsoft.com/fwlink/?linkid=623632) Memory Corruption Vulnerability [CVE-2015-2486](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2486) 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) Information Disclosure Vulnerability [CVE-2015-2483](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2483) Shi Ji (@Puzzor) of [VARAS@IIE](http://www.iie.ac.cn/)
[MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) Tampering Vulnerability [CVE-2015-2484](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2484) Haifei Li of [Intel Security IPS Research Team](http://www.intelsecurity.com/)
[MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) Memory Corruption Vulnerability [CVE-2015-2485](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2485) 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) Memory Corruption Vulnerability [CVE-2015-2486](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2486) 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) Memory Corruption Vulnerability [CVE-2015-2487](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2487) Pawel Wylecial, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) Elevation of Privilege Vulnerability [CVE-2015-2489](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2489) 5AECDBC12A3C178E19CF1E3CB5EDAA89, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) Memory Corruption Vulnerability [CVE-2015-2490](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2490) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) Memory Corruption Vulnerability [CVE-2015-2491](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2491) Heige (a.k.a. SuperHei) from [Knownsec 404 Security Team](http://www.knownsec.com/)
[MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) Memory Corruption Vulnerability [CVE-2015-2492](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2492) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) Memory Corruption Vulnerability [CVE-2015-2492](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2492) Dhanesh Kizhakkinan of [FireEye, Inc.](http://www.fireeye.com/)
[MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) Scripting Engine Memory Corruption Vulnerability [CVE-2015-2493](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2493) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) Memory Corruption Vulnerability [CVE-2015-2494](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2494) Kai Song ([exp](http://exp-sky.org)-sky) of [Tencent's Xuanwu LAB](http://www.tencent.com/)
[MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) Memory Corruption Vulnerability [CVE-2015-2498](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2498) B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) Memory Corruption Vulnerability [CVE-2015-2499](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2499) B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) Memory Corruption Vulnerability [CVE-2015-2500](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2500) B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) Memory Corruption Vulnerability [CVE-2015-2501](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2501) Sean Verity, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) Memory Corruption Vulnerability [CVE-2015-2541](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2541) 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) Defense-in-depth ------------------- Yang Yu ([@tombkeeper](https://twitter.com/tombkeeper)) of [Tencent's Xuanwu Lab](http://www.tencent.com/en-us/index.shtml)
**August 2015**
[MS15-093](http://go.microsoft.com/fwlink/?linkid=620908) Memory Corruption Vulnerability [CVE-2015-2502](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2502) Clement Lecigne of [Google Inc.](http://www.google.com/)
[MS15-092](http://go.microsoft.com/fwlink/?linkid=620204) RyuJIT Optimization Elevation of Privilege Vulnerability [CVE-2015-2479](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2479) Nick Craver & Marc Gravell of Stack Overflow
[MS15-091](http://go.microsoft.com/fwlink/?linkid=620118) Memory Corruption Vulnerability [CVE-2015-2441](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2441) Liu Long of the [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS15-090](http://go.microsoft.com/fwlink/?linkid=619649) Windows Registry Elevation of Privilege Vulnerability [CVE-2015-2429](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2429) [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-090](http://go.microsoft.com/fwlink/?linkid=619649) Windows Filesystem Elevation of Privilege Vulnerability [CVE-2015-2430](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2430) [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-087](http://go.microsoft.com/fwlink/?linkid=619633) UDDI Services Elevation of Privilege Vulnerability [CVE-2015-2475](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2475) François-Xavier Stellamans from NCI Agency - Cyber Security / NCIRC
[MS15-084](http://go.microsoft.com/fwlink/?linkid=619680) MSXML Information Disclosure Vulnerability [CVE-2015-2440](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2440) Ucha Gobejishvili, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-083](http://go.microsoft.com/fwlink/?linkid=619627) Server Message Block Memory Corruption Vulnerability [CVE-2015-2474](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2472) Tenable Network Security
[MS15-081](http://go.microsoft.com/fwlink/?linkid=619678) Microsoft Office Memory Corruption Vulnerability [CVE-2015-1642](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1642) This vulnerability was discovered by Fortinet's FortiGuard Labs
[MS15-081](http://go.microsoft.com/fwlink/?linkid=619678) Microsoft Office Memory Corruption Vulnerability [CVE-2015-1642](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1642) Yong Chuan Koh (@yongchuank) of [MWR Labs](http://labs.mwrinfosecurity.com/) (@mwrlabs)
[MS15-081](http://go.microsoft.com/fwlink/?linkid=619678) Microsoft Office Memory Corruption Vulnerability [CVE-2015-1642](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1642) s3tm3m@gmail.com, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-081](http://go.microsoft.com/fwlink/?linkid=619678) Microsoft Office Memory Corruption Vulnerability [CVE-2015-2467](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2467) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-081](http://go.microsoft.com/fwlink/?linkid=619678) Microsoft Office Memory Corruption Vulnerability [CVE-2015-2468](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2468) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-081](http://go.microsoft.com/fwlink/?linkid=619678) Microsoft Office Memory Corruption Vulnerability [CVE-2015-2469](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2469) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-081](http://go.microsoft.com/fwlink/?linkid=619678) Microsoft Office Integer Underflow Vulnerability [CVE-2015-2470](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2470) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-081](http://go.microsoft.com/fwlink/?linkid=619678) Microsoft Office Memory Corruption Vulnerability [CVE-2015-2477](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2477) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-081](http://go.microsoft.com/fwlink/?linkid=619678) Microsoft Office Memory Corruption Vulnerability [CVE-2015-2445](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2445) Jack Tang of [Trend Micro](http://www.trendmicro.com/)
[MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) Microsoft Office Graphics Component Remote Code Execution Vulnerability [CVE-2015-2431](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2431) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) OpenType Font Parsing Vulnerability [CVE-2015-2432](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2432) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) Kernel ASLR Bypass Vulnerability [CVE-2015-2433](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2433) Matt Tait of [Google Inc.](http://www.google.com/)
[MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) TrueType Font Parsing Vulnerability [CVE-2015-2435](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2435) KeenTeam's Jihui Lu and Peter Hlavaty, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) Windows CSRSS Elevation of Privilege Vulnerability [CVE-2015-2453](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2453) Liang Yin of [Tencent PC Manager](http://guanjia.qq.com/)
[MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) Windows KMD Security Feature Bypass Vulnerability [CVE-2015-2454](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2454) [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) TrueType Font Parsing Vulnerability [CVE-2015-2455](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2455) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) TrueType Font Parsing Vulnerability [CVE-2015-2455](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2455) KeenTeam's Jihui Lu and Peter Hlavaty, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) TrueType Font Parsing Vulnerability [CVE-2015-2456](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2456) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) OpenType Font Parsing Vulnerability [CVE-2015-2458](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2458) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) OpenType Font Parsing Vulnerability [CVE-2015-2459](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2459) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) OpenType Font Parsing Vulnerability [CVE-2015-2460](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2460) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) OpenType Font Parsing Vulnerability [CVE-2015-2461](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2461) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) OpenType Font Parsing Vulnerability [CVE-2015-2462](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2462) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) TrueType Font Parsing Vulnerability [CVE-2015-2463](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2463) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) TrueType Font Parsing Vulnerability [CVE-2015-2464](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2464) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) Memory Corruption Vulnerability [CVE-2015-2442](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2442) Linan Hao of the [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) Memory Corruption Vulnerability [CVE-2015-2443](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2443) An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) Memory Corruption Vulnerability [CVE-2015-2444](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2444) Moritz Jodeit of Blue Frost Security
[MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) Security Feature Bypass Vulnerability [CVE-2015-2445](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2445) Jack Tang of [Trend Micro](http://www.trendmicro.com/)
[MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) Memory Corruption Vulnerability [CVE-2015-2446](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2446) Heige (a.k.a. SuperHei) from [Knownsec 404 Security Team](http://www.knownsec.com/) and Bo Qu of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) Memory Corruption Vulnerability [CVE-2015-2447](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2447) sweetchip@GRAYHASH
[MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) Memory Corruption Vulnerability [CVE-2015-2448](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2448) An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) Security Feature Bypass Vulnerability [CVE-2015-2449](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2449) Linan Hao of the [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) Memory Corruption Vulnerability [CVE-2015-2450](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2450) 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) Memory Corruption Vulnerability [CVE-2015-2451](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2451) 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) Memory Corruption Vulnerability [CVE-2015-2452](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2452) 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
**July 2015**
[MS15-078](http://go.microsoft.com/fwlink/?linkid=618679) OpenType Font Driver Vulnerability [CVE-2015-2426](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2426) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-078](http://go.microsoft.com/fwlink/?linkid=618679) OpenType Font Driver Vulnerability [CVE-2015-2426](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2426) Genwei Jiang of [FireEye, Inc.](http://www.fireeye.com/)
[MS15-078](http://go.microsoft.com/fwlink/?linkid=618679) OpenType Font Driver Vulnerability [CVE-2015-2426](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2426) Moony Li of [TrendMicro Company](http://www.trendmicro.com/)
[MS15-077](http://go.microsoft.com/fwlink/?linkid=618023) ATMFD.DLL Memory Corruption Vulnerability [CVE-2015-2387](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2387) [Google Project Zero](http://www.google.com/) and Morgan Marquis-Boire
[MS15-076](http://go.microsoft.com/fwlink/?linkid=616057) Windows RPC Elevation of Privilege Vulnerability [CVE-2015-2370](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2370) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS15-075](http://go.microsoft.com/fwlink/?linkid=617381) OLE Elevation of Privilege Vulnerability [CVE-2015-2416](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2416) Nicolas Joly @n_joly
[MS15-075](http://go.microsoft.com/fwlink/?linkid=617381) OLE Elevation of Privilege Vulnerability [CVE-2015-2417](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2417) Nicolas Joly @n_joly
[MS15-074](http://go.microsoft.com/fwlink/?linkid=616061) Windows Installer EoP Vulnerability [CVE-2015-2371](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2371) Mariusz Mlynski working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-073](http://go.microsoft.com/fwlink/?linkid=615996) Win32k Elevation of Privilege Vulnerability [CVE-2015-2363](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2363) [enSilo](http://www.ensilo.com/)
[MS15-073](http://go.microsoft.com/fwlink/?linkid=615996) Win32k Elevation of Privilege Vulnerability [CVE-2015-2363](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2363) Peng Qiu of 360Vulcan Team
[MS15-073](http://go.microsoft.com/fwlink/?linkid=615996) Win32k Elevation of Privilege Vulnerability [CVE-2015-2365](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2365) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-073](http://go.microsoft.com/fwlink/?linkid=615996) Win32k Elevation of Privilege Vulnerability [CVE-2015-2366](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2366) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-073](http://go.microsoft.com/fwlink/?linkid=615996) Win32k Information Disclosure Vulnerability [CVE-2015-2367](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2367) WanderingGlitch of [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-073](http://go.microsoft.com/fwlink/?linkid=615996) Win32k Information Disclosure Vulnerability [CVE-2015-2381](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2381) Matt Tait of [Google Project Zero](http://www.google.com/)
[MS15-073](http://go.microsoft.com/fwlink/?linkid=615996) Win32k Information Disclosure Vulnerability [CVE-2015-2382](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2382) Matt Tait of [Google Project Zero](http://www.google.com/)
[MS15-072](http://go.microsoft.com/fwlink/?linkid=615999) Graphics Component EOP Vulnerability [CVE-2015-2364](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2364) Nicolas Joly @n_joly
[MS15-070](http://go.microsoft.com/fwlink/?linkid=617382) Microsoft Excel ASLR Bypass Vulnerability [CVE-2015-2375](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2375) 3S Labs working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-070](http://go.microsoft.com/fwlink/?linkid=617382) Microsoft Office Memory Corruption Vulnerability [CVE-2015-2376](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2376) 3S Labs, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-070](http://go.microsoft.com/fwlink/?linkid=617382) Microsoft Office Memory Corruption Vulnerability [CVE-2015-2377](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2377) 3S Labs, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-070](http://go.microsoft.com/fwlink/?linkid=617382) Microsoft Excel DLL Remote Code Execution Vulnerability [CVE-2015-2378](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2378) M1x7e1(ShiXiaoLei) of [SafeyeTeam](http://www.safeye.org/)
[MS15-070](http://go.microsoft.com/fwlink/?linkid=617382) Microsoft Office Memory Corruption Vulnerability [CVE-2015-2379](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2379) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-070](http://go.microsoft.com/fwlink/?linkid=617382) Microsoft Office Memory Corruption Vulnerability [CVE-2015-2380](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2380) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS15-070](http://go.microsoft.com/fwlink/?linkid=617382) Microsoft Office Memory Corruption Vulnerability [CVE-2015-2415](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2415) Jack Tang of [Trend Micro](http://www.trendmicro.com/)
[MS15-070](http://go.microsoft.com/fwlink/?linkid=617382) Microsoft Office Remote Code Execution Vulnerability [CVE-2015-2424](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2424) The Labs Team of [iSIGHT Partners](http://www.isightpartners.com/)
[MS15-070](http://go.microsoft.com/fwlink/?linkid=617382) Microsoft Office Remote Code Execution Vulnerability [CVE-2015-2424](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2424) Edward Fjellskål of Telenor CERT
[MS15-069](http://go.microsoft.com/fwlink/?linkid=616056) Windows DLL Remote Code Execution Vulnerability [CVE-2015-2368](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2368) [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-069](http://go.microsoft.com/fwlink/?linkid=616056) DLL Planting Remote Code Execution Vulnerability [CVE-2015-2369](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2369) Haifei Li of [McAfee Labs IPS Team](https://blogs.mcafee.com/category/mcafee-labs)
[MS15-068](http://go.microsoft.com/fwlink/?linkid=616065) Hyper-V Buffer Overflow Vulnerability [CVE-2015-2361](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2361) Thomas Garnier of Microsoft
[MS15-068](http://go.microsoft.com/fwlink/?linkid=616065) Hyper-V System Data Structure Vulnerability [CVE-2015-2362](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2362) Thomas Garnier of Microsoft
[MS15-066](http://go.microsoft.com/fwlink/?linkid=616062) VBScript Memory Corruption Vulnerability [CVE-2015-2372](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2372) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-066](http://go.microsoft.com/fwlink/?linkid=616062) VBScript Memory Corruption Vulnerability [CVE-2015-2372](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2372) bilou, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Information Disclosure Vulnerability [CVE-2015-1729](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1729) Mashiro YAMADA
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1733](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1733) JaeHun Jeong (@n3sk) of [WINS, WSEC Analysis Team](http://wins21.co.kr/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1738](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1738) Li Kemeng of [Baidu Anti-virus Team](http://anquan.baidu.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1767](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1767) An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1767](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1767) Zheng Huang of the [Baidu Scloud XTeam](http://anquan.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2383](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2383) Jason Kratzer, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2383](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2383) Sky, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2383](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2383) Liu Long of the [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2383](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2383) Jihui Lu of KeenTeam (@K33nTeam)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2384](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2384) Liu Long of the [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2385](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2385) Liu Long of the [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2385](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2385) ChenDong Li of [Tencent](http://tencent.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2388](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2388) B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2389](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2389) Linan Hao of the [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2390](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2390) Linan Hao of the [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2391) Jack Tang of [Trend Micro Inc.](http://www.trendmicro.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2397](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2397) AA32AF9897C15779037CD4FC1C1C13D7, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2397](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2397) A3F2160DCA1BDE70DA1D99ED267D5DC1EC336192, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2397](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2397) Bo Qu of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer XSS Filter Bypass Vulnerability [CVE-2015-2398](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2398) Mario Heiderich
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer XSS Filter Bypass Vulnerability [CVE-2015-2398](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2398) Carlos Munoz of [WhiteHat Security](https://www.whitehatsec.com/) (former) and [Trustwave SpiderLabs](https://www.trustwave.com/) (current)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Elevation of Privilege Vulnerability [CVE-2015-2402](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2402) [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2403](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2403) ca0nguyen, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2404](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2404) 4cbad7dc77d1a1af7d66b5ded6cd92a5, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2406](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2406) B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2408](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2408) Zheng Huang of [Baidu Scloud XTeam](http://xlab.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Information Disclosure Vulnerability [CVE-2015-2410](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2410) A [Google Inc.](http://www.google.com/) employee
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2411](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2411) JeongHoon Shin
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Information Disclosure Vulnerability [CVE-2015-2412](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2412) [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Information Disclosure Vulnerability [CVE-2015-2413](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2414) Hiroshi Suzuki of [Internet Initiative Japan Inc.](http://www.iij.ad.jp/en/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Information Disclosure Vulnerability [CVE-2015-2414](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2414) Angelo Prado, Director, Product Security at [Salesforce](http://trust.salesforce.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2422](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2422) Bo Qu of [Palo Alto Networks](https://www.paloaltonetworks.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2425](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2425) Bill Finlayson, [Vectra Networks](http://www.vectranetworks.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2425](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2425) Dhanesh Kizhakkinan of [FireEye, Inc.](http://www.fireeye.com/)
[MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) Internet Explorer Memory Corruption Vulnerability [CVE-2015-2425](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2425) Peter Pi of [TrendMicro](http://www.trendmicro.com/)
[3074162](https://technet.microsoft.com/en-us/library/3074162.aspx) MSRT Race Condition Vulnerability [CVE-2015-2418](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2418) James Forshaw of [Google Project Zero](http://www.google.com/)
**June 2015**
[MS15-063](http://go.microsoft.com/fwlink/?linkid=614961) Windows LoadLibrary EoP Vulnerability [CVE-2015-1758](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1758) Takashi Yoshikawa of [Mitsui Bussan Secure Directions, Inc.](http://www.mbsd.jp/)
[MS15-062](http://go.microsoft.com/fwlink/?linkid=614960) ADFS XSS Elevation of Privilege Vulnerability [CVE-2015-1757](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1757) “John Hollenberger” and “Tate Hansen from FishNet Security”
[MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) Microsoft Windows Kernel Information Disclosure Vulnerability [CVE-2015-1719](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1719) Guo Pengfei of [Qihoo 360](http://www.360.cn/)
[MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) Microsoft Windows Kernel Use After Free Vulnerability [CVE-2015-1720](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1720) KK of [Tencent’s Xuanwu LAB](http://www.tencent.com/)
[MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) Win32k Null Pointer Dereference Vulnerability [CVE-2015-1721](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1721) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability [CVE-2015-1722](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1722) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) Microsoft Windows Station Use After Free Vulnerability [CVE-2015-1723](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1723) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) Microsoft Windows Kernel Object Use After Free Vulnerability [CVE-2015-1724](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1724) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) Win32k Buffer Overflow Vulnerability [CVE-2015-1725](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1725) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) Microsoft Windows Kernel Brush Object Use After Free Vulnerability [CVE-2015-1726](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1726) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) Win32k Pool Buffer Overflow Vulnerability [CVE-2015-1727](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1727) Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/)
[MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) Win32k Elevation of Privilege Vulnerability [CVE-2015-2360](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2360) Maxim Golovkin, [Kaspersky Lab](http://www.kaspersky.com/)
[MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) Win32k Elevation of Privilege Vulnerability [CVE-2015-2360](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2360) [enSilo Research Team](http://www.ensilo.com/)
[MS15-059](http://go.microsoft.com/fwlink/?linkid=614957) Microsoft Office Memory Corruption Vulnerability [CVE-2015-1759](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1759) Ben Hawkes of [Google Project Zero](http://www.google.com/)
[MS15-059](http://go.microsoft.com/fwlink/?linkid=614957) Microsoft Office Memory Corruption Vulnerability [CVE-2015-1760](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1760) Ben Hawkes of [Google Project Zero](http://www.google.com/)
[MS15-059](http://go.microsoft.com/fwlink/?linkid=614957) Microsoft Office Uninitialized Memory Use Vulnerability [CVE-2015-1770](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1770) Yong Chuan Koh (@yongchuank) [MWR Labs](http://labs.mwrinfosecurity.com/) (@mwrlabs)
[MS15-057](http://go.microsoft.com/fwlink/?linkid=614954) Windows Media Player RCE via DataObject Vulnerability [CVE-2015-1728](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1728) bilou, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1687](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1687) Pengfei Guo of [Qihoo 360](http://www.360.cn/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1730](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1730) SkyLined, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1731](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1731) Zheng Huang of Baidu Scloud XTeam
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1732](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1732) Linan Hao of the [Qihoo 360](http://www.360.cn/) Vulcan Team
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1735](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1735) Zheng Huang of Baidu Scloud XTeam working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1736](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1736) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1736](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-) An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1737](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1737) Dhanesh Kizhakkinan of [FireEye, Inc.](http://www.fireeye.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Elevation of Privilege Vulnerability [CVE-2015-1739](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1739) Thomas Vanhoutte working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1740](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1740) Chen Zhang ([demi6od](https://github.com/demi6od)) of [NSFOCUS Security Team](http://http/www.nsfocus.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1740](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1740) Heige (a.k.a. SuperHei) from [Knownsec 404 Security Team](http://www.knownsec.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1740](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1740) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1741](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1741) Chen Zhang ([demi6od](https://github.com/demi6od)) of [NSFOCUS Security Team](http://http/www.nsfocus.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1742](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1742) Chen Zhang ([demi6od](https://github.com/demi6od)) of [NSFOCUS Security Team](http://http/www.nsfocus.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Elevation of Privilege Vulnerability [CVE-2015-1743](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1743) Haifei Li of [McAfee Labs IPS Team](https://blogs.mcafee.com/category/mcafee-labs)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Elevation of Privilege Vulnerability [CVE-2015-1743](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-) Yuki Chen of [Qihoo 360/Vulcan 360 Team](http://www.360.cn/) working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Elevation of Privilege Vulnerability [CVE-2015-1743](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-) Thomas Vanhoutte, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1744](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1744) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1744](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1744) [National Engineering Laboratory for Mobile Internet System and Application Security, China](http://www.islab.net.cn/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1745](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1745) Yuki Chen of [Qihoo 360](http://www.360.cn/) working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1747](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1747) lokihardt@ASRT working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Elevation of Privilege Vulnerability [CVE-2015-1748](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1748) lokihardt@ASRT working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1750](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1750) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1751](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1751) Jason Kratzer, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1752](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1752) Kai Song (exp-sky) of [Tencent's Xuanwu LAB](http://www.tencent.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1752](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1752) Henry Li of [Trend Micro](http://www.trendmicro.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1753](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1753) Jihui Lu of KeenTeam (@K33nTeam)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1754](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1754) Jack Tang of [Trend Micro](http://www.trendmicro.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1755](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1755) 0016EECD9D7159A949DAD3BC17E0A939 working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1755](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1755) Jason Kratzer, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Defense-in-depth ------------------- רומן זאיקין
[MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) Defense-in-depth ------------------- An anonymous researcher, working with Beyond Security’s [SecuriTeam Secure Disclosure](http://www.beyondsecurity.com/ssd.html) team and [Ashutosh Mehra](https://twitter.com/ashutoshmehra) working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
Special thanks for working with Microsoft to make Internet Explorer more secure. ------------------- Xiaoyin Liu @general_nfs
**May 2015**
[MS15-054](http://go.microsoft.com/fwlink/?linkid=533727) Microsoft Management Console File Format Denial of Service Vulnerability [CVE-2015-1681](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1681) Michael Heerklotz, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-053](http://go.microsoft.com/fwlink/?linkid=533729) VBScript ASLR Bypass [CVE-2015-1684](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1684) SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-053](http://go.microsoft.com/fwlink/?linkid=533729) VBScript and JScript ASLR Bypass [CVE-2015-1686](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1686) Bill Finlayson of [BeyondTrust Inc](http://www.beyondtrust.com/)
[MS15-052](http://go.microsoft.com/fwlink/?linkid=533731) Windows Kernel Security Feature Bypass Vulnerability [CVE-2015-1674](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1674) [lokihardt@ASRT](https://technet.microsoft.com/en-us/mailto:lokihardt@asrt), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-051](http://go.microsoft.com/fwlink/?linkid=533726) Microsoft Windows Kernel Memory Disclosure Vulnerability [CVE-2015-1676](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1676) WanderingGlitch of [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-051](http://go.microsoft.com/fwlink/?linkid=533726) Microsoft Windows Kernel Memory Disclosure Vulnerability [CVE-2015-1677](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1677) WanderingGlitch of [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-051](http://go.microsoft.com/fwlink/?linkid=533726) Microsoft Windows Kernel Memory Disclosure Vulnerability [CVE-2015-1678](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1678) WanderingGlitch of [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-051](http://go.microsoft.com/fwlink/?linkid=533726) Microsoft Windows Kernel Memory Disclosure Vulnerability [CVE-2015-1679](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1679) WanderingGlitch of [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-051](http://go.microsoft.com/fwlink/?linkid=533726) Microsoft Windows Kernel Memory Disclosure Vulnerability [CVE-2015-1680](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1680) WanderingGlitch of [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-049](http://go.microsoft.com/fwlink/?linkid=534625) Microsoft Silverlight Out of Browser Application Vulnerability [CVE-2015-1715](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1715) [Exodus Intelligence](https://www.exodusintel.com/)
[MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) .NET XML Decryption Denial of Service Vulnerability [CVE-2015-1672](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1672) John Heasman of [DocuSign](http://www.docusign..htm)
[MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) Windows Forms Elevation of Privilege Vulnerability [CVE-2015-1673](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1673) Kalle Niemitalo
[MS15-046](http://go.microsoft.com/fwlink/?linkid=533724) Microsoft Office Memory Corruption Vulnerability [CVE-2015-1682](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1682) 3S Labs, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-046](http://go.microsoft.com/fwlink/?linkid=533724) Microsoft Office Memory Corruption Vulnerability [CVE-2015-1683](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1683) Jack Tang of [Trend Micro](http://www.trendmicro.com/)
[MS15-046](http://go.microsoft.com/fwlink/?linkid=533724) Microsoft Office Memory Corruption Vulnerability [CVE-2015-1683](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1683) Kai Lu of Fortinet's FortiGuard Labs
[MS15-045](http://go.microsoft.com/fwlink/?linkid=533722) Windows Journal Remote Code Execution Vulnerability [CVE-2015-1675](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1675) Bill Finlayson of [Beyond Trust, Inc.](http://www.beyondtrust.com/)
[MS15-045](http://go.microsoft.com/fwlink/?linkid=533722) Windows Journal Remote Code Execution Vulnerability [CVE-2015-1695](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1695) [Adith Sudhakar](https://www.linkedin.com/pub/adith-sudhakar/45/717/620), VMware
[MS15-045](http://go.microsoft.com/fwlink/?linkid=533722) Windows Journal Remote Code Execution Vulnerability [CVE-2015-1696](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1696) Rohit Mothe of [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-045](http://go.microsoft.com/fwlink/?linkid=533722) Windows Journal Remote Code Execution Vulnerability [CVE-2015-1697](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1697) Rohit Mothe of [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-045](http://go.microsoft.com/fwlink/?linkid=533722) Windows Journal Remote Code Execution Vulnerability [CVE-2015-1698](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1698) [Adith Sudhakar](https://www.linkedin.com/pub/adith-sudhakar/45/717/620), VMware
[MS15-045](http://go.microsoft.com/fwlink/?linkid=533722) Windows Journal Remote Code Execution Vulnerability [CVE-2015-1698](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1698) Rohit Mothe of [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml)
[MS15-045](http://go.microsoft.com/fwlink/?linkid=533722) Windows Journal Remote Code Execution Vulnerability [CVE-2015-1699](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1699) Steven Seeley of [Source Incite](http://srcincite.io/)
[MS15-044](http://go.microsoft.com/fwlink/?linkid=533715) OpenType Font Parsing Vulnerability [CVE-2015-1670](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1670) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-044](http://go.microsoft.com/fwlink/?linkid=533715) TrueType Font Parsing Vulnerability [CVE-2015-1671](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1671) Dan Caselden of [FireEye, Inc.](https://www.fireeye.com/)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1658](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1658) Jason Kratzer, working with [VeriSign iDefense Labs](http://labs.idefense.com/)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1658](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1658) [National Engineering Laboratory for Mobile Internet System and Application Security, China](http://www.islab.net.cn/)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) VBScript ASLR Bypass [CVE-2015-1684](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1684) SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer ASLR Bypass [CVE-2015-1685](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1685) Hao Linan of 360 Vulcan Team
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer ASLR Bypass [CVE-2015-1685](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1685) Dhanesh Kizhakkinan of [FireEye, Inc.](https://www.fireeye.com/)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer ASLR Bypass [CVE-2015-1685](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1685) Li Kemeng of [Baidu Scloud XTeam](http://xlab.baidu.com/)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) VBScript and JScript ASLR Bypass [CVE-2015-1686](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1686) Bill Finlayson of [BeyondTrust Inc](http://www.beyondtrust.com/)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Elevation of Privilege Vulnerability [CVE-2015-1688](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1688) Ashutosh Mehra
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1689](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1689) Jihui Lu of [KeenTeam](http://www.k33nteam.org/) (@K33nTeam)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1691](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1691) Jihui Lu of [KeenTeam](http://www.k33nteam.org/) (@K33nTeam)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Clipboard Information Disclosure Vulnerability [CVE-2015-1692](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1692) Daniel Trebbien
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Clipboard Information Disclosure Vulnerability [CVE-2015-1692](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1692) Vincent Lee of TELUS Security Labs
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1694](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1694) Jack Tang of [Trend Micro](http://www.trendmicro.com/)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Elevation of Privilege Vulnerability [CVE-2015-1703](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1703) Akitsugu
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Elevation of Privilege Vulnerability [CVE-2015-1704](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1704) Mario Heiderich
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1705](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1705) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1706](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1706) Zheng Huang of Baidu Scloud XTeam working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1708](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1708) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1709](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1709) Jack Tang of [Trend Micro](http://www.trendmicro.com/)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1709](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1709) Zheng Huang of Baidu Scloud XTeam working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1710](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1710) Dhanesh Kizhakkinan of [FireEye, Inc.](http://www.fireeye.com/)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1711](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1711) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1712](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1712) sweetchip@GRAYHASH
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Elevation of Privilege Vulnerability [CVE-2015-1713](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1713) Ashutosh Mehra
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1714](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1714) sweetchip@GRAYHASH, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1717](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1717) 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1718](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1718) Jihui Lu of KeenTeam (@K33nTeam)
**April 2015**
[MS15-042](http://go.microsoft.com/fwlink/?linkid=532644) Windows Hyper-V DoS Vulnerability [CVE-2015-1647](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1647) Dmitry Alikov of [Veeam Software AG](http://www.veeam.com/)
[MS15-039](http://go.microsoft.com/fwlink/?linkid=532641) MSXML3 Same Origin Policy SFB vulnerability [CVE-2015-1646](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1646) Hormazd Billimoria, Xiaoran Wang, Sergey Gorbaty, Anton Rager, and Jonathan Brossard of [Salesforce.com](http://salesforce.com/)
[MS15-038](http://go.microsoft.com/fwlink/?linkid=532639) NtCreateTransactionManager Type Confusion Vulnerability [CVE-2015-1643](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1643) James Forshaw of [Google Project Zero](https://www.google.com/)
[MS15-038](http://go.microsoft.com/fwlink/?linkid=532639) Windows MS-DOS Device Name Elevation of Privilege Vulnerability [CVE-2015-1644](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1644) James Forshaw of [Google Project Zero](https://www.google.com/)
[MS15-037](http://go.microsoft.com/fwlink/?linkid=532635) Task Scheduler Elevation of Privilege Vulnerability [CVE-2015-0098](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0098) Renato Ettisberger of [IOprotect GmbH](http://www.ioprotect.ch/)
[MS15-035](http://go.microsoft.com/fwlink/?linkid=532631) EMF Processing Remote Code Execution Vulnerability [CVE-2015-1645](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1645) Hossein Lotfi, [Secunia Research](http://secunia.com/)
[MS15-034](http://go.microsoft.com/fwlink/?linkid=532630) HTTP.sys Remote Code Execution Vulnerability [CVE-2015-1635](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1635) The Citrix Security Response Team
[MS15-033](http://go.microsoft.com/fwlink/?linkid=532628) Microsoft Outlook App for Mac XSS Vulnerability [CVE-2015-1639](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1639) Rakesh Dharmavaram
[MS15-033](http://go.microsoft.com/fwlink/?linkid=532628) Microsoft Office Memory Corruption Vulnerability [CVE-2015-1641](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1641) The Labs Team of [iSIGHT Partners](http://www.isightpartners.com/)
[MS15-033](http://go.microsoft.com/fwlink/?linkid=532628) Microsoft Office Component Use After Free Vulnerability [CVE-2015-1649](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1649) Jack Tang of [Trend Micro](http://www.trendmicro.com/)
[MS15-033](http://go.microsoft.com/fwlink/?linkid=532628) Microsoft Office Component Use After Free Vulnerability [CVE-2015-1649](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1649) Dan Caselden of [FireEye, Inc.](http://www.fireeye.com/)
[MS15-033](http://go.microsoft.com/fwlink/?linkid=532628) Microsoft Office Component Use After Free Vulnerability [CVE-2015-1650](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1650) 3S Labs, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-033](http://go.microsoft.com/fwlink/?linkid=532628) Defense-in-depth change in this bulletin ------------------- Chris Parmer of [Plotly](https://plot.ly/)
[MS15-033](http://go.microsoft.com/fwlink/?linkid=532628) Microsoft Office Component Use After Free Vulnerability [CVE-2015-1651](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1651) Ben Hawkes of [Google Project Zero](https://www.google.com/)
[MS15-032](http://go.microsoft.com/fwlink/?linkid=532626) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1652](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1652) 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-032](http://go.microsoft.com/fwlink/?linkid=532626) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1657](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1657) Jihui Lu of [KeenTeam](http://www.k33nteam.org/) (@K33nTeam)
[MS15-032](http://go.microsoft.com/fwlink/?linkid=532626) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1659](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1659) Jason Kratzer, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-032](http://go.microsoft.com/fwlink/?linkid=532626) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1660](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1660) Arthur Gerkis, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-032](http://go.microsoft.com/fwlink/?linkid=532626) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1661](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1661) AbdulAziz Hariri, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-032](http://go.microsoft.com/fwlink/?linkid=532626) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1665](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1665) AMol NAik & Garage4Hackers, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-032](http://go.microsoft.com/fwlink/?linkid=532626) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1666](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1666) b0nd@garage4hackers@, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-032](http://go.microsoft.com/fwlink/?linkid=532626) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1667](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1667) ca0nguyen, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-032](http://go.microsoft.com/fwlink/?linkid=532626) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1668](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1668) Omair, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
**March 2015**
[MS15-029](http://go.microsoft.com/fwlink/?linkid=526464) JPEG XR Parser Information Disclosure Vulnerability [CVE-2015-0076](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0076) Michal Zalewski of [Google Inc.](http://www.google.com/)
[MS15-028](http://go.microsoft.com/fwlink/?linkid=526468) Task Scheduler Security Feature Bypass Vulnerability [CVE-2015-0084](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0084) James Forshaw of [Google Project Zero](https://www.google.com/)
[MS15-027](http://go.microsoft.com/fwlink/?linkid=522530) NETLOGON Spoofing Vulnerability [CVE-2015-0005](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0005) This vulnerability was discovered and researched by Alberto Solino from Core Security. The publication of [this advisory](http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation) was coordinated by Joaquín Rodríguez Varela from the Core Advisories Team.
[MS15-026](http://go.microsoft.com/fwlink/?linkid=526458) OWA Modified Canary Parameter Cross Site Scripting Vulnerability [CVE-2015-1628](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1628) [Francisco Correa](http://cl.linkedin.com/pub/francisco-correa/76/428/7ba/)
[MS15-026](http://go.microsoft.com/fwlink/?linkid=526458) ExchangeDLP Cross Site Scripting Vulnerability [CVE-2015-1629](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1629) Adi Ivascu
[MS15-026](http://go.microsoft.com/fwlink/?linkid=526458) Audit Report Cross Site Scripting Vulnerability [CVE-2015-1630](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1630) Adi Ivascu
[MS15-026](http://go.microsoft.com/fwlink/?linkid=526458) Exchange Forged Meeting Request Spoofing Vulnerability [CVE-2015-1631](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1631) Nicolai Grodum
[MS15-026](http://go.microsoft.com/fwlink/?linkid=526458) Exchange Error Message Cross Site Scripting Vulnerability [CVE-2015-1632](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1632) [Darius Petrescu](https://twitter.com/@akkilion_)
[MS15-025](http://go.microsoft.com/fwlink/?linkid=526462) Registry Virtualization Elevation of Privilege Vulnerability [CVE-2015-0073](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0073) James Forshaw of [Google Project Zero](https://www.google.com/)
[MS15-024](http://go.microsoft.com/fwlink/?linkid=526465) Malformed PNG Parsing Information Disclosure Vulnerability [CVE-2015-0080](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0080) Michal Zalewski of [Google Inc.](http://www.google.com/)
[MS15-023](http://go.microsoft.com/fwlink/?linkid=526460) Microsoft Windows Kernel Memory Disclosure Vulnerability [CVE-2015-0077](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0077) WanderingGlitch, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-023](http://go.microsoft.com/fwlink/?linkid=526460) Win32k Elevation of Privilege Vulnerability [CVE-2015-0078](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0078) James Forshaw of [Google Project Zero](https://www.google.com/)
[MS15-023](http://go.microsoft.com/fwlink/?linkid=526460) Win32k Elevation of Privilege Vulnerability [CVE-2015-0078](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0078) Ashutosh Mehra of Adobe Systems Inc.
[MS15-023](http://go.microsoft.com/fwlink/?linkid=526460) Microsoft Windows Kernel Memory Disclosure Vulnerability [CVE-2015-0094](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0094) WanderingGlitch, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-023](http://go.microsoft.com/fwlink/?linkid=526460) Microsoft Windows Kernel Memory Disclosure Vulnerability [CVE-2015-0095](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0095) KK of Xuanwu Lab of [Tencent](http://www.tencent.com/)
[MS15-022](http://go.microsoft.com/fwlink/?linkid=526461) Microsoft Office Component Use After Free Vulnerability [CVE-2015-0085](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0085) 3S Labs, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-022](http://go.microsoft.com/fwlink/?linkid=526461) Microsoft Office Memory Corruption Vulnerability [CVE-2015-0086](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0086) Ben Hawkes of [Google Project Zero](http://www.google.com/)
[MS15-022](http://go.microsoft.com/fwlink/?linkid=526461) Microsoft Word Local Zone Remote Code Execution Vulnerability [CVE-2015-0097](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0097) Eduardo Prado, working with Beyond Security’s [SecuriTeam Secure Disclosure](http://www.beyondsecurity.com/ssd.html) team
[MS15-022](http://go.microsoft.com/fwlink/?linkid=526461) Microsoft SharePoint XSS Vulnerability [CVE-2015-1633](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1633) Adi Ivascu
[MS15-022](http://go.microsoft.com/fwlink/?linkid=526461) Microsoft SharePoint XSS Vulnerability [CVE-2015-1636](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1636) Adi Ivascu
[MS15-021](http://go.microsoft.com/fwlink/?linkid=526457) Adobe Font Driver Denial of Service Vulnerability [CVE-2015-0074](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0074) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-021](http://go.microsoft.com/fwlink/?linkid=526457) Adobe Font Driver Information Disclosure Vulnerability [CVE-2015-0087](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0087) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-021](http://go.microsoft.com/fwlink/?linkid=526457) Adobe Font Driver Remote Code Execution Vulnerability [CVE-2015-0088](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0088) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-021](http://go.microsoft.com/fwlink/?linkid=526457) Adobe Font Driver Information Disclosure Vulnerability [CVE-2015-0089](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0089) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-021](http://go.microsoft.com/fwlink/?linkid=526457) Adobe Font Driver Remote Code Execution Vulnerability [CVE-2015-0090](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0090) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-021](http://go.microsoft.com/fwlink/?linkid=526457) Adobe Font Driver Remote Code Execution Vulnerability [CVE-2015-0091](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0091) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-021](http://go.microsoft.com/fwlink/?linkid=526457) Adobe Font Driver Remote Code Execution Vulnerability [CVE-2015-0092](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0092) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-021](http://go.microsoft.com/fwlink/?linkid=526457) Adobe Font Driver Remote Code Execution Vulnerability [CVE-2015-0092](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0092) s3tm3m, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-021](http://go.microsoft.com/fwlink/?linkid=526457) Adobe Font Driver Remote Code Execution Vulnerability [CVE-2015-0093](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0093) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS15-020](http://go.microsoft.com/fwlink/?linkid=526456) WTS Remote Code Execution Vulnerability [CVE-2015-0081](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0081) Garage4Hackers, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-020](http://go.microsoft.com/fwlink/?linkid=526456) WTS Remote Code Execution Vulnerability [CVE-2015-0081](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0081) Francis Provencher of Protek Research Lab’s
[MS15-020](http://go.microsoft.com/fwlink/?linkid=526456) DLL Planting Remote Code Execution Vulnerability [CVE-2015-0096](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0096) Michael Heerklotz, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-019](http://go.microsoft.com/fwlink/?linkid=526467) VBScript Memory Corruption Vulnerability [CVE-2015-0032](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0032) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) VBScript Memory Corruption Vulnerability [CVE-2015-0032](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0032) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0056](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0056) 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0056](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0056) Jihui Lu of [KeenTeam](http://www.k33nteam.org/) (@K33nTeam)
[MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0099](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0099) SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0100](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0100) ca0nguyen, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1622](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1622) SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1622](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1622) AMol NAik, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1623](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1623) 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1624](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1624) Arthur Gerkis, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1625](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1625) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1626](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1626) ca0nguyen, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) Internet Explorer Elevation of Privilege Vulnerability [CVE-2015-1627](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1627) Ashutosh Mehra
[MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) Internet Explorer Memory Corruption Vulnerability [CVE-2015-1634](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1634) An anonymous researcher, working with Beyond Security’s [SecuriTeam Secure Disclosure](http://www.beyondsecurity.com/ssd.html) team
[MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) Defense-in-depth change in this bulletin ------------------- Michal Zalewski of [Google Project Zero](http://www.google.com/)
[MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) Defense-in-depth change in this bulletin ------------------- Zhang YunHai, [NSFOCUS Security Team](http://www.nsfocus.com/)
[MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) Defense-in-depth change in this bulletin ------------------- Noriaki Iwasaki of [Cyber Defense Institute, Inc.](http://www.cyberdefense.jp/)
**February 2015**
[MS15-016](http://go.microsoft.com/fwlink/?linkid=525539) TIFF Processing Information Disclosure Vulnerability [CVE-2015-0061](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0061) Michal Zalewski of [Google Inc.](http://www.google.com/)
[MS15-015](http://go.microsoft.com/fwlink/?linkid=525538) Windows Create Process Elevation of Privilege Vulnerability [CVE-2015-0062](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0062) James Forshaw of [Google Project Zero](https://www.google.com/)
[MS15-014](http://go.microsoft.com/fwlink/?linkid=522532) Group Policy Security Feature Bypass Vulnerability [CVE-2015-0009](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0009) Luke Jennings
[MS15-012](http://go.microsoft.com/fwlink/?linkid=525537) Excel Remote Code Execution Vulnerability [CVE-2015-0063](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0063) Fermin J. Serna of the [Google Security Team](http://www.google.com/)
[MS15-012](http://go.microsoft.com/fwlink/?linkid=525537) Office Remote Code Execution Vulnerability [CVE-2015-0064](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0064) Ben Hawkes of [Google Project Zero](http://www.google.com/)
[MS15-012](http://go.microsoft.com/fwlink/?linkid=525537) OneTableDocumentStream Remote Code Execution Vulnerability [CVE-2015-0065](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0065) Ben Hawkes of [Google Project Zero](http://www.google.com/)
[MS15-011](http://go.microsoft.com/fwlink/?linkid=525536) Group Policy Remote Code Execution Vulnerability [CVE-2015-0008](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0008) Jeff Schmidt of [JAS Global Advisors](https://www.jasadvisors.com/)
[MS15-011](http://go.microsoft.com/fwlink/?linkid=525536) Group Policy Remote Code Execution Vulnerability [CVE-2015-0008](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0008) Dr. Arnoldo Muller-Molina of [simMachines](http://www.simmachines.com/)
[MS15-011](http://go.microsoft.com/fwlink/?linkid=525536) Group Policy Remote Code Execution Vulnerability [CVE-2015-0008](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0008) The Internet Corporation for Assigned Names and Numbers ([ICANN](https://www.icann.org/))
[MS15-010](http://go.microsoft.com/fwlink/?linkid=525535) Win32k Elevation of Privilege Vulnerability [CVE-2015-0003](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0003) Marcin Wiazowski, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-010](http://go.microsoft.com/fwlink/?linkid=525535) CNG Security Feature Bypass Vulnerability [CVE-2015-0010](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0010) James Forshaw of [Google Project Zero](https://www.google.com/)
[MS15-010](http://go.microsoft.com/fwlink/?linkid=525535) Win32k Elevation of Privilege Vulnerability [CVE-2015-0057](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0057) Udi Yavo, CTO of enSilo
[MS15-010](http://go.microsoft.com/fwlink/?linkid=525535) Windows Cursor Object Double Free Vulnerability [CVE-2015-0058](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0058) n3phos, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-010](http://go.microsoft.com/fwlink/?linkid=525535) TrueType Font Parsing Remote Code Execution Vulnerability [CVE-2015-0059](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0059) Cris Neckar of Divergent Security
[MS15-010](http://go.microsoft.com/fwlink/?linkid=525535) Windows Font Driver Denial of Service Vulnerability [CVE-2015-0060](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0060) Cris Neckar of Divergent Security
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0017](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0017) [Aniway.Anyway@gmail.com](mailto:aniway.anyway@gmail.com), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0017](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0017) Adlab of [Venustech](https://technet.microsoft.com/en-us/library/_venustech.com.cn(v=Security.10))
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0018](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0018) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0019](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0019) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0020](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0020) Liu Long of [Qihoo 360](http://www.360.cn/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0021](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0021) Liu Long of [Qihoo 360](http://www.360.cn/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0022](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0022) Yujie Wen of [Qihoo 360](http://www.360.cn/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0023](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0023) José A. Vázquez of [VeriSign iDefense Labs](http://labs.idefense.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0025](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0025) An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0026](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0026) [Chen Zhang (demi6od)](https://github.com/demi6od) of [NSFOCUS Security Team](http://www.nsfocus.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0027](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0027) Jason Kratzer, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0028](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0028) Yujie Wen of [Qihoo 360](http://www.360.cn/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0029](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0029) Yuki Chen of [Qihoo 360](http://www.360.cn/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0030](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0030) [Chen Zhang (demi6od)](https://github.com/demi6od) of [NSFOCUS Security Team](http://www.nsfocus.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0031](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0031) [Aniway.Anyway@gmail.com](mailto:aniway.anyway@gmail.com), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0035](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0035) Sky, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0035](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0035) Pawel Wylecial, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0035](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0035) Li Kemeng of [Baidu Anti-virus Team](http://anquan.baidu.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0036](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0036) An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0037](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0037) sweetchip@GRAYHASH, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0038](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0038) An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0038](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0038) Dhanesh Kizhakkinan of [FireEye, Inc.](http://www.fireeye.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0038](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0038) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0039](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0039) Jihui Lu of [KeenTeam](http://www.k33nteam.org/) (@K33nTeam)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0040](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0040) SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0041](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0041) 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0041](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0041) An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0041](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0041) Li Kemeng of [Baidu Anti-virus Team](http://anquan.baidu.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0042](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0042) [Omair](http://krash.in/) working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0043](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0043) [Omair](http://krash.in/) working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0044](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0044) ca0nguyen, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0045](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0045) ca0nguyen, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0045](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0045) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0046](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0046) Stephen Fewer of [Harmony Security](http://www.harmonysecurity.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0048](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0048) SkyLined
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0049](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0049) SkyLined
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0050](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0050) SkyLined
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer ASLR Bypass Vulnerability [CVE-2015-0051](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0051) SkyLined
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0052](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0052) SkyLined
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0053](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0053) SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0053](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0053) Tao Qiu of Huawei's IT Infrastructure & Security Dept, BP & IT
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Elevation of Privilege Vulnerability [CVE-2015-0055](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0055) James Forshaw of [Google Project Zero](https://www.google.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0066](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0066) Edward Torkington of [NCC Group](https://www.nccgroup.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0066](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0066) Jihui Lu of [KeenTeam](http://www.k33nteam.org/) (@K33nTeam)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0067](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0067) Peter Vreugdenhil of [exodusintel.com](https://www.exodusintel.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer Memory Corruption Vulnerability [CVE-2015-0068](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0068) Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer ASLR Bypass Vulnerability [CVE-2015-0069](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0069) Jack Tang of [Trend Micro](http://www.trendmicro.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer ASLR Bypass Vulnerability [CVE-2015-0071](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0071) The Labs Team of [iSIGHT Partners](http://www.isightpartners.com/)
[MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) Internet Explorer ASLR Bypass Vulnerability [CVE-2015-0071](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0071) Clement Lecigne of [Google Inc.](http://www.google.com/)
**January 2015**
[MS15-008](http://go.microsoft.com/fwlink/?linkid=522533) WebDAV Elevation of Privilege Vulnerability [CVE-2015-0011](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0011) James Forshaw of [Google Project Zero](https://www.google.com/)
[MS15-006](http://go.microsoft.com/fwlink/?linkid=522535) Windows Error Reporting Security Feature Bypass Vulnerability [CVE-2015-0001](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0001) Alex Ionescu of Winsider Seminars & Solutions Inc. and CrowdStrike Inc.
[MS15-005](http://go.microsoft.com/fwlink/?linkid=522531) NLA Security Feature Bypass Vulnerability [CVE-2015-0006](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0006) Jonas Vestberg of [Sentor](http://www.sentor.se/)
[MS15-004](http://go.microsoft.com/fwlink/?linkid=522521) Directory Traversal Elevation of Privilege Vulnerability [CVE-2015-0016](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0016) Liam O’Murchu of [Symantec](http://www.symantec.com/)
[MS15-002](http://go.microsoft.com/fwlink/?linkid=522537) Windows Telnet Service Buffer Overflow Vulnerability [CVE-2015-0014](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0014) Daiyuu Nobori and Christopher Hiroshi Higuchi SMITH of the [University of Tsukuba](http://www.tsukuba.ac.jp/)