Acknowledgments – 2015
- 37 minutes to read
Microsoft extends thanks to the following for working with us to help protect customers.
| **Bulletin ID** | **Vulnerability Title** | **CVE ID** | **Acknowledgment** |
| **December 2015** | |||
| [MS15-135](http://go.microsoft.com/fwlink/?linkid=708239) | Windows Kernel Memory Elevation of Privilege Vulnerability | [CVE-2015-6171](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6171) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-135](http://go.microsoft.com/fwlink/?linkid=708239) | Windows Kernel Memory Elevation of Privilege Vulnerability | [CVE-2015-6173](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6173) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-135](http://go.microsoft.com/fwlink/?linkid=708239) | Windows Kernel Memory Elevation of Privilege Vulnerability | [CVE-2015-6174](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6174) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-135](http://go.microsoft.com/fwlink/?linkid=708239) | Windows Kernel Memory Elevation of Privilege Vulnerability | [CVE-2015-6175](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6175) | ChenDong Li of [Tencent](http://tencent.com/) |
| [MS15-134](http://go.microsoft.com/fwlink/?linkid=699419) | Windows Media Center Information Disclosure Vulnerability | [CVE-2015-6127](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6127) | Francisco Falcon of [Core Security](http://www.coresecurity.com/advisories/microsoft-windows-media-center-link-file-incorrectly-resolved-reference) |
| [MS15-134](http://go.microsoft.com/fwlink/?linkid=699419) | Media Center Library Parsing RCE Vulnerability | [CVE-2015-6131](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6131) | Zhang YunHai of [NSFOCUS Security Team](http://www.nsfocus.com/) |
| [MS15-134](http://go.microsoft.com/fwlink/?linkid=699419) | Windows Library Loading Remote Code Execution Vulnerability | [CVE-2015-6128](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6128) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-134](http://go.microsoft.com/fwlink/?linkid=699419) | Windows Library Loading Remote Code Execution Vulnerability | [CVE-2015-6128](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6128) | Parvez Anwar |
| [MS15-132](http://go.microsoft.com/fwlink/?linkid=699415) | Windows Library Loading Remote Code Execution Vulnerability | [CVE-2015-6132](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6132) | Yorick Koster of Securify B.V. |
| [MS15-132](http://go.microsoft.com/fwlink/?linkid=699415) | Windows Library Loading Remote Code Execution Vulnerability | [CVE-2015-6132](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6132) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-131](http://go.microsoft.com/fwlink/?linkid=699410) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-6040](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6040) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-131](http://go.microsoft.com/fwlink/?linkid=699410) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-6118](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6118) | Kai Lu of Fortinet's FortiGuard Labs |
| [MS15-131](http://go.microsoft.com/fwlink/?linkid=699410) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-6122](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6122) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-131](http://go.microsoft.com/fwlink/?linkid=699410) | Microsoft Office RCE Vulnerability | [CVE-2015-6172](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6172) | Haifei Li |
| [MS15-131](http://go.microsoft.com/fwlink/?linkid=699410) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-6177](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6177) | Kai Lu of Fortinet's FortiGuard Labs |
| [MS15-130](http://go.microsoft.com/fwlink/?linkid=699420) | Windows Integer Underflow Vulnerability | [CVE-2015-6130](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6130) | Hossein Lotfi, [Secunia Research](http://secunia.com/) (now part of Flexera Software) |
| [MS15-129](http://go.microsoft.com/fwlink/?linkid=691214) | Microsoft Silverlight Information Disclosure Vulnerability | [CVE-2015-6165](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6165) | Marcin '[Icewal](http://www.icewall.pl/)l' Noga of Cisco Talos |
| [MS15-128](http://go.microsoft.com/fwlink/?linkid=690559) | Graphics Memory Corruption Vulnerability | [CVE-2015-6106](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6106) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-128](http://go.microsoft.com/fwlink/?linkid=690559) | Graphics Memory Corruption Vulnerability | [CVE-2015-6107](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6107) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-126](http://go.microsoft.com/fwlink/?linkid=699421) | Scripting Engine Information Disclosure Vulnerability | [CVE-2015-6135](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6135) | Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-126](http://go.microsoft.com/fwlink/?linkid=699421) | Scripting Engine Memory Corruption Vulnerability | [CVE-2015-6136](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6136) | Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-126](http://go.microsoft.com/fwlink/?linkid=699421) | Scripting Engine Memory Corruption Vulnerability | [CVE-2015-6136](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6136) | An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-126](http://go.microsoft.com/fwlink/?linkid=699421) | Scripting Engine Memory Corruption Vulnerability | [CVE-2015-6136](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6136) | Yuki Chen of Qihoo 360Vulcan Team |
| [MS15-126](http://go.microsoft.com/fwlink/?linkid=699421) | Scripting Engine Memory Corruption Vulnerability | [CVE-2015-6137](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6137) | Anonymous contributor, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) | Microsoft Browser Elevation of Privilege Vulnerability | [CVE-2015-6139](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6139) | Michal Bentkowski |
| [MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6140](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6140) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6142](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6142) | Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6142](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6142) | Zheng Huang of the [Baidu Scloud XTeam](http://xlab.baidu.com/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6148](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6148) | A3F2160DCA1BDE70DA1D99ED267D5DC1EC336192, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6151](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6151) | Li Kemeng of Baidu Security Team(x-Team) , working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2015-6153](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6153) | Shi Ji (@Puzzor) of [VARAS@IIE](http://www.iie.ac.cn/) |
| [MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6154](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6154) | ChenDong Li and YunZe Ni of [Tencent](http://tencent.com/) |
| [MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6155](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6155) | Zheng Huang of the [Baidu Scloud XTeam](http://xlab.baidu.com/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6158](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6158) | Zheng Huang of the [Baidu Scloud XTeam](http://xlab.baidu.com/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6159](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6159) | Zheng Huang of the [Baidu Scloud XTeam](http://xlab.baidu.com/) |
| [MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6159](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6159) | Jason Kratzer, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) | Microsoft Browser ASLR Bypass | [CVE-2015-6161](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6161) | Rh0 |
| [MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2015-6168](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6168) | SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) | Microsoft Edge Spoofing Vulnerability | [CVE-2015-6169](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6169) | [Stephan Brunner](https://stephan-brunner.net/) |
| [MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) | Microsoft Edge Elevation of Privilege Vulnerability | [CVE-2015-6170](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6170) | Mario Heiderich of [Cure53](https://cure53.de/) |
| [MS15-125](http://go.microsoft.com/fwlink/?linkid=699426) | Microsoft Edge XSS Filter Bypass Vulnerability | [CVE-2015-6176](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6176) | Masato Kinugawa |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6083](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6083) | Hui Gao of [Palo Alto Networks](https://www.paloaltonetworks.com/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6083](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6083) | B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6134](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6134) | SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Scripting Engine Information Disclosure Vulnerability | [CVE-2015-6135](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6135) | Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Scripting Engine Information Disclosure Vulnerability | [CVE-2015-6136](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6136) | Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Microsoft Browser Elevation of Privilege Vulnerability | [CVE-2015-6139](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6139) | Michal Bentkowski |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6140](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6140) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6141](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6141) | B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6142](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6142) | Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Microsoft Browser XSS Filter Bypass Vulnerability | [CVE-2015-6144](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6144) | Masato Kinugawa |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Microsoft Browser XSS Filter Bypass Vulnerability | [CVE-2015-6144](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6144) | [Filedescriptor](https://twitter.com/filedescriptor) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6145](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6145) | Cong Zhang and Yi Jiang, working with [Beijing VRV Software Co., LTD.](http://www.vrv.com.cn/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6146](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6146) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6147](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6147) | B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6148](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6148) | A3F2160DCA1BDE70DA1D99ED267D5DC1EC336192, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6149](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6149) | B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6150](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6150) | B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6151](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6151) | Li Kemeng of Baidu Security Team(x-Team) , working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6152](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6152) | Moritz Jodeit of [Blue Frost Security](https://www.bluefrostsecurity.de/en/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6153](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6153) | Shi Ji (@Puzzor) of [VARAS@IIE](http://www.iie.ac.cn/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6154](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6154) | ChenDong Li and YunZe Ni of [Tencent](http://tencent.com/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6155](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6155) | Zheng Huang of the [Baidu Scloud XTeam](http://xlab.baidu.com/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6156](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6156) | Anonymous contributor, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6157](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6157) | Zheng Huang of the [Baidu Scloud XTeam](http://xlab.baidu.com/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6158](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6158) | Zheng Huang of the [Baidu Scloud XTeam](http://xlab.baidu.com/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6159](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6159) | Zheng Huang of the [Baidu Scloud XTeam](http://xlab.baidu.com/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6159](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6159) | Jason Kratzer, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6160](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6160) | Garage4Hackers, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Internet Explorer ASLR Bypass | [CVE-2015-6161](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6161) | Rh0 |
| [MS15-124](http://go.microsoft.com/fwlink/?linkid=699422) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6162](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6162) | Wenxiang Qian of [Tencent](http://tencent.com/)[QQBrowser](http://browser.qq.com/) |
| **November 2015** | |||
| [MS15-123](http://go.microsoft.com/fwlink/?linkid=691035) | Server Input Validation Information Disclosure Vulnerability | [CVE-2015-6061](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6061) | Fatih Ozavci - [Sense of Security](http://www.senseofsecurity.com.au/) |
| [MS15-122](http://go.microsoft.com/fwlink/?linkid=690720) | Windows Kerberos Security Feature Bypass | [CVE-2015-6095](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6095) | Ian Haken of Synopsys Inc. |
| [MS15-119](http://go.microsoft.com/fwlink/?linkid=690588) | Winsock Elevation of Privilege Vulnerability | [CVE-2015-2478](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2478) | Alex Ionescu of [Winsider Seminars & Solutions Inc.](http://www.alex-ionescu.com/) |
| [MS15-119](http://go.microsoft.com/fwlink/?linkid=690588) | Winsock Elevation of Privilege Vulnerability | [CVE-2015-2478](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2478) | Thomas Faber, of [CrowdStrike Inc.](http://www.crowdstrike.com/) |
| [MS15-118](http://go.microsoft.com/fwlink/?linkid=690565) | .NET Elevation of Privilege Vulnerability | [CVE-2015-6099](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6099) | John Page aka [hyp3rlinx](http://hyp3rlinx.altervista.org/) |
| [MS15-117](http://go.microsoft.com/fwlink/?linkid=690723) | Windows NDIS Elevation of Privilege Vulnerability | [CVE-2015-6098](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6098) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-116](http://go.microsoft.com/fwlink/?linkid=690594) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-6038](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6038) | Steven Seeley of [Source Incite](http://srcincite.io/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-116](http://go.microsoft.com/fwlink/?linkid=690594) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-6091](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6091) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-116](http://go.microsoft.com/fwlink/?linkid=690594) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-6092](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6092) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-116](http://go.microsoft.com/fwlink/?linkid=690594) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-6093](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6093) | SignalSEC Research, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-116](http://go.microsoft.com/fwlink/?linkid=690594) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-6094](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6094) | Steven Seeley of [Source Incite](http://srcincite.io/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-116](http://go.microsoft.com/fwlink/?linkid=690594) | Microsoft Outlook for Mac Spoofing Vulnerability | [CVE-2015-6123](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6123) | Mark Robbins [Rebelmail](http://rebelmail.com/) |
| [MS15-115](http://go.microsoft.com/fwlink/?linkid=691032) | Windows Kernel Memory Elevation of Privilege Vulnerability | [CVE-2015-6100](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6100) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-115](http://go.microsoft.com/fwlink/?linkid=691032) | Windows Kernel Memory Elevation of Privilege Vulnerability | [CVE-2015-6101](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6101) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-115](http://go.microsoft.com/fwlink/?linkid=691032) | Windows Kernel Memory Information Disclosure Vulnerability | [CVE-2015-6102](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6102) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-115](http://go.microsoft.com/fwlink/?linkid=691032) | Windows Graphics Memory Remote Code Execution Vulnerability | [CVE-2015-6103](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6103) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-115](http://go.microsoft.com/fwlink/?linkid=691032) | Windows Graphics Memory Remote Code Execution Vulnerability | [CVE-2015-6104](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6104) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-115](http://go.microsoft.com/fwlink/?linkid=691032) | Windows Kernel Security Feature Bypass Vulnerability | [CVE-2015-6113](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6113) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS15-114](http://go.microsoft.com/fwlink/?linkid=690570) | Windows Journal Heap Overflow Vulnerability | [CVE-2015-6097](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6097) | Jason Kratzer, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-113](http://go.microsoft.com/fwlink/?linkid=690585) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6064](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6064) | Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-113](http://go.microsoft.com/fwlink/?linkid=690585) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6073](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6073) | Kai Kang of [Tencent's Xuanwu LAB](http://www.tencent.com/) |
| [MS15-113](http://go.microsoft.com/fwlink/?linkid=690585) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6078](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6078) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-113](http://go.microsoft.com/fwlink/?linkid=690585) | Microsoft Browser ASLR Bypass | [CVE-2015-6088](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6088) | JaeHun Jeong |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6064](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6064) | Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6065](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6065) | Jason Kratzer, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6065](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6065) | B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6066](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6066) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6068](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6068) | Zheng Huang of the [Baidu Scloud XTeam](http://anquan.baidu.com/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6069](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6069) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6070](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6070) | Tongbo Luo of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6070](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6070) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6071](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6071) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6072](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6072) | Kai Kang of [Tencent's Xuanwu LAB](http://www.tencent.com/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6073](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6073) | Kai Kang of [Tencent's Xuanwu LAB](http://www.tencent.com/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6075](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6075) | 0011, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6076](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6076) | Anonymous, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6077](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6077) | 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/), and Linan Hao of [Qihoo 360](http://www.360.cn/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6077](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6077) | Linan Hao of [Qihoo 360](http://www.360.cn/) Vulcan Team |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2015-6078](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6078) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6079](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6079) | Zheng Huang of the [Baidu Scloud XTeam](http://anquan.baidu.com/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6080](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6080) | Zheng Huang of the [Baidu Scloud XTeam](http://anquan.baidu.com/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6081](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6081) | B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6082](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6082) | Zheng Huang of the [Baidu Scloud XTeam](http://anquan.baidu.com/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6084](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6084) | Zheng Huang of the [Baidu Scloud XTeam](http://anquan.baidu.com/), working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6085](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6085) | Jason Kratzer, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Information Disclosure Vulnerability | [CVE-2015-6086](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6086) | Ashfaq Ansari, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6087](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6087) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-112](http://go.microsoft.com/fwlink/?linkid=690584) | Scripting Engine Memory Corruption Vulnerability | [CVE-2015-6089](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6089) | Yuki Chen of [Qihoo 360](http://www.360.cn/) Vulcan Team |
| [MS15-099](http://go.microsoft.com/fwlink/?linkid=623627) | Microsoft Office Malformed EPS File Vulnerability | [CVE-2015-2545](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2545) | Genwei Jiang of [FireEye, Inc.](http://www.fireeye.com/) |
| [SA3108638](https://technet.microsoft.com/library/security/3108638.aspx) | N/A | [CVE-2015-5307](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5307) | Ben Serebrin of Google |
| **October 2015** | |||
| [MS15-111](http://go.microsoft.com/fwlink/?linkid=625080) | Windows Kernel Memory Corruption Vulnerability | [CVE-2015-2549](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2549) | dbc282f4f2f7d2466fa0078bf8034d99 |
| [MS15-111](http://go.microsoft.com/fwlink/?linkid=625080) | Windows Elevation of Privilege Vulnerability | [CVE-2015-2550](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2550) | [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-111](http://go.microsoft.com/fwlink/?linkid=625080) | Windows Mount Point Elevation of Privilege Vulnerability | [CVE-2015-2553](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2553) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS15-111](http://go.microsoft.com/fwlink/?linkid=625080) | Windows Object Reference Elevation of Privilege Vulnerability | [CVE-2015-2554](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2554) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS15-110](http://go.microsoft.com/fwlink/?linkid=625092) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-2555](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2555) | 3S Labs, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-110](http://go.microsoft.com/fwlink/?linkid=625092) | Microsoft Sharepoint Information Disclosure Vulnerability | [CVE-2015-2556](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2556) | Jakub Palaczynski of ING Services Polska |
| [MS15-110](http://go.microsoft.com/fwlink/?linkid=625092) | Microsoft Office Memory Corruption Vulnerabilties | [CVE-2015-2557](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2557) | kdot, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-110](http://go.microsoft.com/fwlink/?linkid=625092) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-2558](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2558) | 3S Labs, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-109](http://go.microsoft.com/fwlink/?linkid=625078) | Toolbar Use After Free Vulnerability | [CVE-2015-2515](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2515) | Heige (a.k.a. SuperHei) from [Knownsec 404 Security Team](http://www.knownsec.com/) |
| [MS15-109](http://go.microsoft.com/fwlink/?linkid=625078) | Microsoft Tablet Input Band Use After Free Vulnerability | [CVE-2015-2548](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2548) | Heige (a.k.a. SuperHei) from [Knownsec 404 Security Team](http://www.knownsec.com/) and Hui Gao of Palo Alto Networks |
| [MS15-108](http://go.microsoft.com/fwlink/?linkid=623633) | Scripting Engine Memory Corruption Vulnerability | [CVE-2015-2482](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2482) | Skylined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-108](http://go.microsoft.com/fwlink/?linkid=623633) | VBScript and JScript ASLR Bypass | [CVE-2015-6052](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6052) | Bill Finlayson, [Vectra Networks](http://www.vectranetworks.com/) |
| [MS15-108](http://go.microsoft.com/fwlink/?linkid=623633) | Scripting Engine Memory Corruption Vulnerability | [CVE-2015-6055](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6055) | Simon Zuckerbraun, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-108](http://go.microsoft.com/fwlink/?linkid=623633) | Scripting Engine Memory Corruption Vulnerability | [CVE-2015-6055](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6055) | An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-108](http://go.microsoft.com/fwlink/?linkid=623633) | Scripting Engine Information Disclosure Vulnerability | [CVE-2015-6059](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6059) | Takeshi Terada of [Mitsui Bussan Secure Directions, Inc](http://www.mbsd.jp/). |
| [MS15-107](http://go.microsoft.com/fwlink/?linkid=625091) | Microsoft Edge XSS Filter Bypass | [CVE-2015-6058](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6058) | Noriaki Iwasaki of [Cyber Defense Institute, Inc.](http://www.cyberdefense.jp/) |
| [MS15-107](http://go.microsoft.com/fwlink/?linkid=625091) | Microsoft Edge XSS Filter Bypass | [CVE-2015-6058](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6058) | Masato Kinugawa, Individual |
| [MS15-107](http://go.microsoft.com/fwlink/?linkid=625091) | Microsoft Edge Information Disclosure Vulnerability | [CVE-2015-6057](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6057) | Mario Heiderich of [Cure53](https://cure53.de/) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Scripting Engine Memory Corruption Vulnerability | [CVE-2015-2482](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2482) | Skylined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6042](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6042) | Garage4Hackers, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Internet Explorer Elevation of Privilege Vulnerability | [CVE-2015-6044](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6044) | Jack Tang of [Trend Micro](http://www.trendmicro.com/) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6045](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6045) | Zheng Huang of the [Baidu Scloud XTeam](http://anquan.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6045](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6045) | Kai Kang of [Tencent's Xuanwu LAB](http://www.tencent.com/) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6046](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6046) | Jason Kratzer, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Internet Explorer Elevation of Privilege Vulnerability | [CVE-2015-6047](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6047) | [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6048](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6048) | Tongbo Luo of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6048](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6048) | Hui Gao of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6048](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6048) | Dhanesh Kizhakkinan of [FireEye, Inc.](https://www.fireeye.com/) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6049](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6049) | Heige (a.k.a. SuperHei) from [Knownsec 404 Security Team](http://www.knownsec.com/) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-6050](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6050) | Zheng Huang of the [Baidu Scloud XTeam](http://anquan.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Internet Explorer Elevation of Privilege Vulnerability | [CVE-2015-6051](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6051) | [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | VBScript and JScript ASLR Bypass | [CVE-2015-6052](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6052) | Bill Finlayson, [Vectra Networks](http://www.vectranetworks.com/) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Internet Explorer Information Disclosure Vulnerability | [CVE-2015-6053](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6053) | CK, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Scripting Engine Memory Corruption Vulnerability | [CVE-2015-6055](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6055) | An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Scripting Engine Memory Corruption Vulnerability | [CVE-2015-6056](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6056) | Aakash Jain and Dhanesh Kizhakkinan of [FireEye, Inc.](http://www.fireeye.com/) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Scripting Engine Information Disclosure Vulnerability | [CVE-2015-6059](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6059) | Takeshi Terada of [Mitsui Bussan Secure Directions, Inc](http://www.mbsd.jp/). |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Scripting Engine Memory Corruption Vulnerability | [CVE-2015-6184](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6184) | Zheng Huang of the [Baidu Scloud XTeam](http://xlab.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-106](http://go.microsoft.com/fwlink/?linkid=625089) | Defense-in-depth | ------------------- | Mario Heiderich of [Cure53](https://cure53.de/) |
| **September 2015** | |||
| [MS15-103](http://go.microsoft.com/fwlink/?linkid=623628) | Exchange Information Disclosure Vulnerability | [CVE-2015-2505](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2505) | John Page of [hyp3rlinx](http://hyp3rlinx.altervista.org/) |
| [MS15-103](http://go.microsoft.com/fwlink/?linkid=623628) | Exchange Spoofing Vulnerability | [CVE-2015-2543](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2543) | [Abdulrahman Alqabandi](http://twitter.com/qab) |
| [MS15-103](http://go.microsoft.com/fwlink/?linkid=623628) | Exchange Spoofing Vulnerability | [CVE-2015-2544](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2544) | Justin Khoo of [FreshInbox](http://freshinbox.com/) |
| [MS15-102](http://go.microsoft.com/fwlink/?linkid=623626) | Windows Task Management Elevation of Privilege Vulnerability | [CVE-2015-2524](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2524) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS15-102](http://go.microsoft.com/fwlink/?linkid=623626) | Windows Task File Deletion Elevation of Privilege Vulnerability | [CVE-2015-2525](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2525) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS15-102](http://go.microsoft.com/fwlink/?linkid=623626) | Windows Task Management Elevation of Privilege Vulnerability | [CVE-2015-2528](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2528) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS15-101](http://go.microsoft.com/fwlink/?linkid=623575) | .NET Elevation of Privilege Vulnerability | [CVE-2015-2504](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2504) | Yorick Koster of Securify B.V. |
| [MS15-101](http://go.microsoft.com/fwlink/?linkid=623575) | MVC Denial of Service Vulnerability | [CVE-2015-2526](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2526) | Roberto Suggi Liverani of NCIA (NATO Communications and Information Agency) |
| [MS15-100](http://go.microsoft.com/fwlink/?linkid=623232) | Windows Media Center RCE Vulnerability | [CVE-2015-2509](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2509) | Aaron Luo, Kenney Lu, and Ziv Chang of [TrendMicro](http://www.trendmicro.com/) |
| [MS15-099](http://go.microsoft.com/fwlink/?linkid=623627) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-2520](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2520) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-099](http://go.microsoft.com/fwlink/?linkid=623627) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-2521](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2521) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-099](http://go.microsoft.com/fwlink/?linkid=623627) | Microsoft SharePoint XSS Spoofing Vulnerability | [CVE-2015-2522](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2522) | This vulnerability was discovered by Fortinet's FortiGuard Labs. |
| [MS15-099](http://go.microsoft.com/fwlink/?linkid=623627) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-2523](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2523) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-099](http://go.microsoft.com/fwlink/?linkid=623627) | Microsoft Office Malformed EPS File Vulnerability | [CVE-2015-2545](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2545) | Genwei Jiang of [FireEye, Inc.](http://www.fireeye.com/) |
| [MS15-098](http://go.microsoft.com/fwlink/?linkid=623624) | Windows Journal RCE Vulnerability | [CVE-2015-2513](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2513) | Phil Blankenship of [BeyondTrust Inc](http://www.beyondtrust.com/) |
| [MS15-098](http://go.microsoft.com/fwlink/?linkid=623624) | Windows Journal DoS Vulnerability | [CVE-2015-2514](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2514) | Kai Lu of Fortinet's FortiGuard Labs |
| [MS15-098](http://go.microsoft.com/fwlink/?linkid=623624) | Windows Journal DoS Vulnerability | [CVE-2015-2516](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2516) | Kai Lu of Fortinet's FortiGuard Labs |
| [MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) | OpenType Font Parsing Vulnerability | [CVE-2015-2506](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2506) | Piotr Bania and Andrea Allievi of [Cisco Talos](http://www.talosintel.com/) |
| [MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) | Font Driver Elevation of Privilege Vulnerability | [CVE-2015-2507](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2507) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) | Font Driver Elevation of Privilege Vulnerability | [CVE-2015-2508](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2508) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) | Graphics Component Buffer Overflow Vulnerability | [CVE-2015-2510](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2510) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) | Font Driver Elevation of Privilege Vulnerability | [CVE-2015-2511](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2511) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) | Font Driver Elevation of Privilege Vulnerability | [CVE-2015-2512](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2512) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) | Win32k Memory Corruption Elevation of Privilege Vulnerability | [CVE-2015-2517](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2517) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) | Win32k Memory Corruption Elevation of Privilege Vulnerability | [CVE-2015-2518](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2518) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) | Win32k Elevation of Privilege Vulnerability | [CVE-2015-2527](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2527) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) | Kernel ASLR Bypass Vulnerability | [CVE-2015-2529](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2529) | Matt Tait of [Google Project Zero](http://www.google.com/) |
| [MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) | Win32k Memory Corruption Elevation of Privilege Vulnerability | [CVE-2015-2546](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2546) | Wang Yu of [FireEye, Inc.](http://www.fireeye.com/) |
| [MS15-097](http://go.microsoft.com/fwlink/?linkid=623625) | Defense-in-depth | ------------------- | lokihardt@ASRT, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-096](http://go.microsoft.com/fwlink/?linkid=623553) | Active Directory Denial of Service Vulnerability | [CVE-2015-2535](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2535) | Andrew Bartlett of [Catalyst](http://www.catalyst.net.nz/) and the [Samba Team](http://www.samba.org/) |
| [MS15-095](http://go.microsoft.com/fwlink/?linkid=623632) | Memory Corruption Vulnerability | [CVE-2015-2485](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2485) | 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-095](http://go.microsoft.com/fwlink/?linkid=623632) | Memory Corruption Vulnerability | [CVE-2015-2486](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2486) | 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) | Information Disclosure Vulnerability | [CVE-2015-2483](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2483) | Shi Ji (@Puzzor) of [VARAS@IIE](http://www.iie.ac.cn/) |
| [MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) | Tampering Vulnerability | [CVE-2015-2484](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2484) | Haifei Li of [Intel Security IPS Research Team](http://www.intelsecurity.com/) |
| [MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) | Memory Corruption Vulnerability | [CVE-2015-2485](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2485) | 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) | Memory Corruption Vulnerability | [CVE-2015-2486](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2486) | 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) | Memory Corruption Vulnerability | [CVE-2015-2487](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2487) | Pawel Wylecial, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) | Elevation of Privilege Vulnerability | [CVE-2015-2489](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2489) | 5AECDBC12A3C178E19CF1E3CB5EDAA89, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) | Memory Corruption Vulnerability | [CVE-2015-2490](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2490) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) | Memory Corruption Vulnerability | [CVE-2015-2491](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2491) | Heige (a.k.a. SuperHei) from [Knownsec 404 Security Team](http://www.knownsec.com/) |
| [MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) | Memory Corruption Vulnerability | [CVE-2015-2492](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2492) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) | Memory Corruption Vulnerability | [CVE-2015-2492](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2492) | Dhanesh Kizhakkinan of [FireEye, Inc.](http://www.fireeye.com/) |
| [MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) | Scripting Engine Memory Corruption Vulnerability | [CVE-2015-2493](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2493) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) | Memory Corruption Vulnerability | [CVE-2015-2494](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2494) | Kai Song ([exp](http://exp-sky.org)-sky) of [Tencent's Xuanwu LAB](http://www.tencent.com/) |
| [MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) | Memory Corruption Vulnerability | [CVE-2015-2498](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2498) | B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) | Memory Corruption Vulnerability | [CVE-2015-2499](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2499) | B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) | Memory Corruption Vulnerability | [CVE-2015-2500](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2500) | B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) | Memory Corruption Vulnerability | [CVE-2015-2501](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2501) | Sean Verity, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) | Memory Corruption Vulnerability | [CVE-2015-2541](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2541) | 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-094](http://go.microsoft.com/fwlink/?linkid=623623) | Defense-in-depth | ------------------- | Yang Yu ([@tombkeeper](https://twitter.com/tombkeeper)) of [Tencent's Xuanwu Lab](http://www.tencent.com/en-us/index.shtml) |
| **August 2015** | |||
| [MS15-093](http://go.microsoft.com/fwlink/?linkid=620908) | Memory Corruption Vulnerability | [CVE-2015-2502](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2502) | Clement Lecigne of [Google Inc.](http://www.google.com/) |
| [MS15-092](http://go.microsoft.com/fwlink/?linkid=620204) | RyuJIT Optimization Elevation of Privilege Vulnerability | [CVE-2015-2479](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2479) | Nick Craver & Marc Gravell of Stack Overflow |
| [MS15-091](http://go.microsoft.com/fwlink/?linkid=620118) | Memory Corruption Vulnerability | [CVE-2015-2441](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2441) | Liu Long of the [Qihoo 360](http://www.360.cn/) Vulcan Team |
| [MS15-090](http://go.microsoft.com/fwlink/?linkid=619649) | Windows Registry Elevation of Privilege Vulnerability | [CVE-2015-2429](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2429) | [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-090](http://go.microsoft.com/fwlink/?linkid=619649) | Windows Filesystem Elevation of Privilege Vulnerability | [CVE-2015-2430](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2430) | [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-087](http://go.microsoft.com/fwlink/?linkid=619633) | UDDI Services Elevation of Privilege Vulnerability | [CVE-2015-2475](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2475) | François-Xavier Stellamans from NCI Agency - Cyber Security / NCIRC |
| [MS15-084](http://go.microsoft.com/fwlink/?linkid=619680) | MSXML Information Disclosure Vulnerability | [CVE-2015-2440](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2440) | Ucha Gobejishvili, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-083](http://go.microsoft.com/fwlink/?linkid=619627) | Server Message Block Memory Corruption Vulnerability | [CVE-2015-2474](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2472) | Tenable Network Security |
| [MS15-081](http://go.microsoft.com/fwlink/?linkid=619678) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-1642](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1642) | This vulnerability was discovered by Fortinet's FortiGuard Labs |
| [MS15-081](http://go.microsoft.com/fwlink/?linkid=619678) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-1642](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1642) | Yong Chuan Koh (@yongchuank) of [MWR Labs](http://labs.mwrinfosecurity.com/) (@mwrlabs) |
| [MS15-081](http://go.microsoft.com/fwlink/?linkid=619678) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-1642](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1642) | s3tm3m@gmail.com, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-081](http://go.microsoft.com/fwlink/?linkid=619678) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-2467](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2467) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-081](http://go.microsoft.com/fwlink/?linkid=619678) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-2468](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2468) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-081](http://go.microsoft.com/fwlink/?linkid=619678) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-2469](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2469) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-081](http://go.microsoft.com/fwlink/?linkid=619678) | Microsoft Office Integer Underflow Vulnerability | [CVE-2015-2470](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2470) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-081](http://go.microsoft.com/fwlink/?linkid=619678) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-2477](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2477) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-081](http://go.microsoft.com/fwlink/?linkid=619678) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-2445](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2445) | Jack Tang of [Trend Micro](http://www.trendmicro.com/) |
| [MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) | Microsoft Office Graphics Component Remote Code Execution Vulnerability | [CVE-2015-2431](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2431) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) | OpenType Font Parsing Vulnerability | [CVE-2015-2432](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2432) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) | Kernel ASLR Bypass Vulnerability | [CVE-2015-2433](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2433) | Matt Tait of [Google Inc.](http://www.google.com/) |
| [MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) | TrueType Font Parsing Vulnerability | [CVE-2015-2435](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2435) | KeenTeam's Jihui Lu and Peter Hlavaty, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) | Windows CSRSS Elevation of Privilege Vulnerability | [CVE-2015-2453](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2453) | Liang Yin of [Tencent PC Manager](http://guanjia.qq.com/) |
| [MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) | Windows KMD Security Feature Bypass Vulnerability | [CVE-2015-2454](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2454) | [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) | TrueType Font Parsing Vulnerability | [CVE-2015-2455](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2455) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) | TrueType Font Parsing Vulnerability | [CVE-2015-2455](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2455) | KeenTeam's Jihui Lu and Peter Hlavaty, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) | TrueType Font Parsing Vulnerability | [CVE-2015-2456](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2456) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) | OpenType Font Parsing Vulnerability | [CVE-2015-2458](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2458) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) | OpenType Font Parsing Vulnerability | [CVE-2015-2459](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2459) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) | OpenType Font Parsing Vulnerability | [CVE-2015-2460](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2460) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) | OpenType Font Parsing Vulnerability | [CVE-2015-2461](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2461) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) | OpenType Font Parsing Vulnerability | [CVE-2015-2462](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2462) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) | TrueType Font Parsing Vulnerability | [CVE-2015-2463](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2463) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-080](http://go.microsoft.com/fwlink/?linkid=619676) | TrueType Font Parsing Vulnerability | [CVE-2015-2464](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2464) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) | Memory Corruption Vulnerability | [CVE-2015-2442](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2442) | Linan Hao of the [Qihoo 360](http://www.360.cn/) Vulcan Team |
| [MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) | Memory Corruption Vulnerability | [CVE-2015-2443](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2443) | An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) | Memory Corruption Vulnerability | [CVE-2015-2444](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2444) | Moritz Jodeit of Blue Frost Security |
| [MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) | Security Feature Bypass Vulnerability | [CVE-2015-2445](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2445) | Jack Tang of [Trend Micro](http://www.trendmicro.com/) |
| [MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) | Memory Corruption Vulnerability | [CVE-2015-2446](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2446) | Heige (a.k.a. SuperHei) from [Knownsec 404 Security Team](http://www.knownsec.com/) and Bo Qu of [Palo Alto Networks](https://www.paloaltonetworks.com/) |
| [MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) | Memory Corruption Vulnerability | [CVE-2015-2447](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2447) | sweetchip@GRAYHASH |
| [MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) | Memory Corruption Vulnerability | [CVE-2015-2448](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2448) | An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) | Security Feature Bypass Vulnerability | [CVE-2015-2449](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2449) | Linan Hao of the [Qihoo 360](http://www.360.cn/) Vulcan Team |
| [MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) | Memory Corruption Vulnerability | [CVE-2015-2450](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2450) | 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) | Memory Corruption Vulnerability | [CVE-2015-2451](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2451) | 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-079](http://go.microsoft.com/fwlink/?linkid=619622) | Memory Corruption Vulnerability | [CVE-2015-2452](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2452) | 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| **July 2015** | |||
| [MS15-078](http://go.microsoft.com/fwlink/?linkid=618679) | OpenType Font Driver Vulnerability | [CVE-2015-2426](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2426) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-078](http://go.microsoft.com/fwlink/?linkid=618679) | OpenType Font Driver Vulnerability | [CVE-2015-2426](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2426) | Genwei Jiang of [FireEye, Inc.](http://www.fireeye.com/) |
| [MS15-078](http://go.microsoft.com/fwlink/?linkid=618679) | OpenType Font Driver Vulnerability | [CVE-2015-2426](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2426) | Moony Li of [TrendMicro Company](http://www.trendmicro.com/) |
| [MS15-077](http://go.microsoft.com/fwlink/?linkid=618023) | ATMFD.DLL Memory Corruption Vulnerability | [CVE-2015-2387](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2387) | [Google Project Zero](http://www.google.com/) and Morgan Marquis-Boire |
| [MS15-076](http://go.microsoft.com/fwlink/?linkid=616057) | Windows RPC Elevation of Privilege Vulnerability | [CVE-2015-2370](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2370) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| [MS15-075](http://go.microsoft.com/fwlink/?linkid=617381) | OLE Elevation of Privilege Vulnerability | [CVE-2015-2416](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2416) | Nicolas Joly @n_joly |
| [MS15-075](http://go.microsoft.com/fwlink/?linkid=617381) | OLE Elevation of Privilege Vulnerability | [CVE-2015-2417](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2417) | Nicolas Joly @n_joly |
| [MS15-074](http://go.microsoft.com/fwlink/?linkid=616061) | Windows Installer EoP Vulnerability | [CVE-2015-2371](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2371) | Mariusz Mlynski working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-073](http://go.microsoft.com/fwlink/?linkid=615996) | Win32k Elevation of Privilege Vulnerability | [CVE-2015-2363](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2363) | [enSilo](http://www.ensilo.com/) |
| [MS15-073](http://go.microsoft.com/fwlink/?linkid=615996) | Win32k Elevation of Privilege Vulnerability | [CVE-2015-2363](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2363) | Peng Qiu of 360Vulcan Team |
| [MS15-073](http://go.microsoft.com/fwlink/?linkid=615996) | Win32k Elevation of Privilege Vulnerability | [CVE-2015-2365](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2365) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-073](http://go.microsoft.com/fwlink/?linkid=615996) | Win32k Elevation of Privilege Vulnerability | [CVE-2015-2366](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2366) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-073](http://go.microsoft.com/fwlink/?linkid=615996) | Win32k Information Disclosure Vulnerability | [CVE-2015-2367](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2367) | WanderingGlitch of [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-073](http://go.microsoft.com/fwlink/?linkid=615996) | Win32k Information Disclosure Vulnerability | [CVE-2015-2381](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2381) | Matt Tait of [Google Project Zero](http://www.google.com/) |
| [MS15-073](http://go.microsoft.com/fwlink/?linkid=615996) | Win32k Information Disclosure Vulnerability | [CVE-2015-2382](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2382) | Matt Tait of [Google Project Zero](http://www.google.com/) |
| [MS15-072](http://go.microsoft.com/fwlink/?linkid=615999) | Graphics Component EOP Vulnerability | [CVE-2015-2364](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2364) | Nicolas Joly @n_joly |
| [MS15-070](http://go.microsoft.com/fwlink/?linkid=617382) | Microsoft Excel ASLR Bypass Vulnerability | [CVE-2015-2375](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2375) | 3S Labs working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-070](http://go.microsoft.com/fwlink/?linkid=617382) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-2376](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2376) | 3S Labs, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-070](http://go.microsoft.com/fwlink/?linkid=617382) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-2377](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2377) | 3S Labs, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-070](http://go.microsoft.com/fwlink/?linkid=617382) | Microsoft Excel DLL Remote Code Execution Vulnerability | [CVE-2015-2378](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2378) | M1x7e1(ShiXiaoLei) of [SafeyeTeam](http://www.safeye.org/) |
| [MS15-070](http://go.microsoft.com/fwlink/?linkid=617382) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-2379](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2379) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-070](http://go.microsoft.com/fwlink/?linkid=617382) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-2380](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2380) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
| [MS15-070](http://go.microsoft.com/fwlink/?linkid=617382) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-2415](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2415) | Jack Tang of [Trend Micro](http://www.trendmicro.com/) |
| [MS15-070](http://go.microsoft.com/fwlink/?linkid=617382) | Microsoft Office Remote Code Execution Vulnerability | [CVE-2015-2424](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2424) | The Labs Team of [iSIGHT Partners](http://www.isightpartners.com/) |
| [MS15-070](http://go.microsoft.com/fwlink/?linkid=617382) | Microsoft Office Remote Code Execution Vulnerability | [CVE-2015-2424](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2424) | Edward Fjellskål of Telenor CERT |
| [MS15-069](http://go.microsoft.com/fwlink/?linkid=616056) | Windows DLL Remote Code Execution Vulnerability | [CVE-2015-2368](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2368) | [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-069](http://go.microsoft.com/fwlink/?linkid=616056) | DLL Planting Remote Code Execution Vulnerability | [CVE-2015-2369](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2369) | Haifei Li of [McAfee Labs IPS Team](https://blogs.mcafee.com/category/mcafee-labs) |
| [MS15-068](http://go.microsoft.com/fwlink/?linkid=616065) | Hyper-V Buffer Overflow Vulnerability | [CVE-2015-2361](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2361) | Thomas Garnier of Microsoft |
| [MS15-068](http://go.microsoft.com/fwlink/?linkid=616065) | Hyper-V System Data Structure Vulnerability | [CVE-2015-2362](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2362) | Thomas Garnier of Microsoft |
| [MS15-066](http://go.microsoft.com/fwlink/?linkid=616062) | VBScript Memory Corruption Vulnerability | [CVE-2015-2372](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2372) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-066](http://go.microsoft.com/fwlink/?linkid=616062) | VBScript Memory Corruption Vulnerability | [CVE-2015-2372](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2372) | bilou, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Information Disclosure Vulnerability | [CVE-2015-1729](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1729) | Mashiro YAMADA |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1733](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1733) | JaeHun Jeong (@n3sk) of [WINS, WSEC Analysis Team](http://wins21.co.kr/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1738](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1738) | Li Kemeng of [Baidu Anti-virus Team](http://anquan.baidu.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1767](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1767) | An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1767](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1767) | Zheng Huang of the [Baidu Scloud XTeam](http://anquan.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2383](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2383) | Jason Kratzer, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2383](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2383) | Sky, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2383](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2383) | Liu Long of the [Qihoo 360](http://www.360.cn/) Vulcan Team |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2383](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2383) | Jihui Lu of KeenTeam (@K33nTeam) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2384](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2384) | Liu Long of the [Qihoo 360](http://www.360.cn/) Vulcan Team |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2385](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2385) | Liu Long of the [Qihoo 360](http://www.360.cn/) Vulcan Team |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2385](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2385) | ChenDong Li of [Tencent](http://tencent.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2388](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2388) | B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2389](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2389) | Linan Hao of the [Qihoo 360](http://www.360.cn/) Vulcan Team |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2390](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2390) | Linan Hao of the [Qihoo 360](http://www.360.cn/) Vulcan Team |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2391](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2391) | Jack Tang of [Trend Micro Inc.](http://www.trendmicro.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2397](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2397) | AA32AF9897C15779037CD4FC1C1C13D7, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2397](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2397) | A3F2160DCA1BDE70DA1D99ED267D5DC1EC336192, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2397](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2397) | Bo Qu of [Palo Alto Networks](https://www.paloaltonetworks.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer XSS Filter Bypass Vulnerability | [CVE-2015-2398](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2398) | Mario Heiderich |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer XSS Filter Bypass Vulnerability | [CVE-2015-2398](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2398) | Carlos Munoz of [WhiteHat Security](https://www.whitehatsec.com/) (former) and [Trustwave SpiderLabs](https://www.trustwave.com/) (current) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Elevation of Privilege Vulnerability | [CVE-2015-2402](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2402) | [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2403](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2403) | ca0nguyen, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2404](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2404) | 4cbad7dc77d1a1af7d66b5ded6cd92a5, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2406](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2406) | B6BEB4D5E828CF0CCB47BB24AAC22515, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2408](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2408) | Zheng Huang of [Baidu Scloud XTeam](http://xlab.baidu.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Information Disclosure Vulnerability | [CVE-2015-2410](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2410) | A [Google Inc.](http://www.google.com/) employee |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2411](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2411) | JeongHoon Shin |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Information Disclosure Vulnerability | [CVE-2015-2412](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2412) | [Ashutosh Mehra](https://twitter.com/ashutoshmehra), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Information Disclosure Vulnerability | [CVE-2015-2413](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2414) | Hiroshi Suzuki of [Internet Initiative Japan Inc.](http://www.iij.ad.jp/en/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Information Disclosure Vulnerability | [CVE-2015-2414](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2414) | Angelo Prado, Director, Product Security at [Salesforce](http://trust.salesforce.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2422](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2422) | Bo Qu of [Palo Alto Networks](https://www.paloaltonetworks.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2425](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2425) | Bill Finlayson, [Vectra Networks](http://www.vectranetworks.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2425](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2425) | Dhanesh Kizhakkinan of [FireEye, Inc.](http://www.fireeye.com/) |
| [MS15-065](http://go.microsoft.com/fwlink/?linkid=616216) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-2425](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2425) | Peter Pi of [TrendMicro](http://www.trendmicro.com/) |
| [3074162](https://technet.microsoft.com/en-us/library/3074162.aspx) | MSRT Race Condition Vulnerability | [CVE-2015-2418](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2418) | James Forshaw of [Google Project Zero](http://www.google.com/) |
| **June 2015** | |||
| [MS15-063](http://go.microsoft.com/fwlink/?linkid=614961) | Windows LoadLibrary EoP Vulnerability | [CVE-2015-1758](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1758) | Takashi Yoshikawa of [Mitsui Bussan Secure Directions, Inc.](http://www.mbsd.jp/) |
| [MS15-062](http://go.microsoft.com/fwlink/?linkid=614960) | ADFS XSS Elevation of Privilege Vulnerability | [CVE-2015-1757](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1757) | “John Hollenberger” and “Tate Hansen from FishNet Security” |
| [MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) | Microsoft Windows Kernel Information Disclosure Vulnerability | [CVE-2015-1719](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1719) | Guo Pengfei of [Qihoo 360](http://www.360.cn/) |
| [MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) | Microsoft Windows Kernel Use After Free Vulnerability | [CVE-2015-1720](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1720) | KK of [Tencent’s Xuanwu LAB](http://www.tencent.com/) |
| [MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) | Win32k Null Pointer Dereference Vulnerability | [CVE-2015-1721](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1721) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) | Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability | [CVE-2015-1722](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1722) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) | Microsoft Windows Station Use After Free Vulnerability | [CVE-2015-1723](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1723) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) | Microsoft Windows Kernel Object Use After Free Vulnerability | [CVE-2015-1724](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1724) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) | Win32k Buffer Overflow Vulnerability | [CVE-2015-1725](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1725) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) | Microsoft Windows Kernel Brush Object Use After Free Vulnerability | [CVE-2015-1726](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1726) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) | Win32k Pool Buffer Overflow Vulnerability | [CVE-2015-1727](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1727) | Nils Sommer of bytegeist, working with [Google Project Zero](http://www.google.com/) |
| [MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) | Win32k Elevation of Privilege Vulnerability | [CVE-2015-2360](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2360) | Maxim Golovkin, [Kaspersky Lab](http://www.kaspersky.com/) |
| [MS15-061](http://go.microsoft.com/fwlink/?linkid=614959) | Win32k Elevation of Privilege Vulnerability | [CVE-2015-2360](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2360) | [enSilo Research Team](http://www.ensilo.com/) |
| [MS15-059](http://go.microsoft.com/fwlink/?linkid=614957) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-1759](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1759) | Ben Hawkes of [Google Project Zero](http://www.google.com/) |
| [MS15-059](http://go.microsoft.com/fwlink/?linkid=614957) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-1760](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1760) | Ben Hawkes of [Google Project Zero](http://www.google.com/) |
| [MS15-059](http://go.microsoft.com/fwlink/?linkid=614957) | Microsoft Office Uninitialized Memory Use Vulnerability | [CVE-2015-1770](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1770) | Yong Chuan Koh (@yongchuank) [MWR Labs](http://labs.mwrinfosecurity.com/) (@mwrlabs) |
| [MS15-057](http://go.microsoft.com/fwlink/?linkid=614954) | Windows Media Player RCE via DataObject Vulnerability | [CVE-2015-1728](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1728) | bilou, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1687](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1687) | Pengfei Guo of [Qihoo 360](http://www.360.cn/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1730](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1730) | SkyLined, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1731](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1731) | Zheng Huang of Baidu Scloud XTeam |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1732](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1732) | Linan Hao of the [Qihoo 360](http://www.360.cn/) Vulcan Team |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1735](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1735) | Zheng Huang of Baidu Scloud XTeam working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1736](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1736) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1736](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-) | An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1737](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1737) | Dhanesh Kizhakkinan of [FireEye, Inc.](http://www.fireeye.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Elevation of Privilege Vulnerability | [CVE-2015-1739](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1739) | Thomas Vanhoutte working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1740](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1740) | Chen Zhang ([demi6od](https://github.com/demi6od)) of [NSFOCUS Security Team](http://http/www.nsfocus.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1740](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1740) | Heige (a.k.a. SuperHei) from [Knownsec 404 Security Team](http://www.knownsec.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1740](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1740) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1741](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1741) | Chen Zhang ([demi6od](https://github.com/demi6od)) of [NSFOCUS Security Team](http://http/www.nsfocus.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1742](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1742) | Chen Zhang ([demi6od](https://github.com/demi6od)) of [NSFOCUS Security Team](http://http/www.nsfocus.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Elevation of Privilege Vulnerability | [CVE-2015-1743](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1743) | Haifei Li of [McAfee Labs IPS Team](https://blogs.mcafee.com/category/mcafee-labs) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Elevation of Privilege Vulnerability | [CVE-2015-1743](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-) | Yuki Chen of [Qihoo 360/Vulcan 360 Team](http://www.360.cn/) working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Elevation of Privilege Vulnerability | [CVE-2015-1743](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-) | Thomas Vanhoutte, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1744](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1744) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1744](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1744) | [National Engineering Laboratory for Mobile Internet System and Application Security, China](http://www.islab.net.cn/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1745](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1745) | Yuki Chen of [Qihoo 360](http://www.360.cn/) working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1747](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1747) | lokihardt@ASRT working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Elevation of Privilege Vulnerability | [CVE-2015-1748](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1748) | lokihardt@ASRT working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1750](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1750) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1751](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1751) | Jason Kratzer, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1752](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1752) | Kai Song (exp-sky) of [Tencent's Xuanwu LAB](http://www.tencent.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1752](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1752) | Henry Li of [Trend Micro](http://www.trendmicro.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1753](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1753) | Jihui Lu of KeenTeam (@K33nTeam) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1754](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1754) | Jack Tang of [Trend Micro](http://www.trendmicro.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1755](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1755) | 0016EECD9D7159A949DAD3BC17E0A939 working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1755](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1755) | Jason Kratzer, working with [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Defense-in-depth | ------------------- | רומן זאיקין |
| [MS15-056](http://go.microsoft.com/fwlink/?linkid=614953) | Defense-in-depth | ------------------- | An anonymous researcher, working with Beyond Security’s [SecuriTeam Secure Disclosure](http://www.beyondsecurity.com/ssd.html) team and [Ashutosh Mehra](https://twitter.com/ashutoshmehra) working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| Special thanks for working with Microsoft to make Internet Explorer more secure. | ------------------- | Xiaoyin Liu @general_nfs | |
| **May 2015** | |||
| [MS15-054](http://go.microsoft.com/fwlink/?linkid=533727) | Microsoft Management Console File Format Denial of Service Vulnerability | [CVE-2015-1681](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1681) | Michael Heerklotz, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-053](http://go.microsoft.com/fwlink/?linkid=533729) | VBScript ASLR Bypass | [CVE-2015-1684](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1684) | SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-053](http://go.microsoft.com/fwlink/?linkid=533729) | VBScript and JScript ASLR Bypass | [CVE-2015-1686](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1686) | Bill Finlayson of [BeyondTrust Inc](http://www.beyondtrust.com/) |
| [MS15-052](http://go.microsoft.com/fwlink/?linkid=533731) | Windows Kernel Security Feature Bypass Vulnerability | [CVE-2015-1674](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1674) | [lokihardt@ASRT](https://technet.microsoft.com/en-us/mailto:lokihardt@asrt), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-051](http://go.microsoft.com/fwlink/?linkid=533726) | Microsoft Windows Kernel Memory Disclosure Vulnerability | [CVE-2015-1676](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1676) | WanderingGlitch of [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-051](http://go.microsoft.com/fwlink/?linkid=533726) | Microsoft Windows Kernel Memory Disclosure Vulnerability | [CVE-2015-1677](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1677) | WanderingGlitch of [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-051](http://go.microsoft.com/fwlink/?linkid=533726) | Microsoft Windows Kernel Memory Disclosure Vulnerability | [CVE-2015-1678](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1678) | WanderingGlitch of [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-051](http://go.microsoft.com/fwlink/?linkid=533726) | Microsoft Windows Kernel Memory Disclosure Vulnerability | [CVE-2015-1679](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1679) | WanderingGlitch of [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-051](http://go.microsoft.com/fwlink/?linkid=533726) | Microsoft Windows Kernel Memory Disclosure Vulnerability | [CVE-2015-1680](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1680) | WanderingGlitch of [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-049](http://go.microsoft.com/fwlink/?linkid=534625) | Microsoft Silverlight Out of Browser Application Vulnerability | [CVE-2015-1715](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1715) | [Exodus Intelligence](https://www.exodusintel.com/) |
| [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) | .NET XML Decryption Denial of Service Vulnerability | [CVE-2015-1672](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1672) | John Heasman of [DocuSign](http://www.docusign..htm) |
| [MS15-048](http://go.microsoft.com/fwlink/?linkid=533716) | Windows Forms Elevation of Privilege Vulnerability | [CVE-2015-1673](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1673) | Kalle Niemitalo |
| [MS15-046](http://go.microsoft.com/fwlink/?linkid=533724) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-1682](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1682) | 3S Labs, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-046](http://go.microsoft.com/fwlink/?linkid=533724) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-1683](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1683) | Jack Tang of [Trend Micro](http://www.trendmicro.com/) |
| [MS15-046](http://go.microsoft.com/fwlink/?linkid=533724) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-1683](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1683) | Kai Lu of Fortinet's FortiGuard Labs |
| [MS15-045](http://go.microsoft.com/fwlink/?linkid=533722) | Windows Journal Remote Code Execution Vulnerability | [CVE-2015-1675](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1675) | Bill Finlayson of [Beyond Trust, Inc.](http://www.beyondtrust.com/) |
| [MS15-045](http://go.microsoft.com/fwlink/?linkid=533722) | Windows Journal Remote Code Execution Vulnerability | [CVE-2015-1695](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1695) | [Adith Sudhakar](https://www.linkedin.com/pub/adith-sudhakar/45/717/620), VMware |
| [MS15-045](http://go.microsoft.com/fwlink/?linkid=533722) | Windows Journal Remote Code Execution Vulnerability | [CVE-2015-1696](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1696) | Rohit Mothe of [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-045](http://go.microsoft.com/fwlink/?linkid=533722) | Windows Journal Remote Code Execution Vulnerability | [CVE-2015-1697](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1697) | Rohit Mothe of [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-045](http://go.microsoft.com/fwlink/?linkid=533722) | Windows Journal Remote Code Execution Vulnerability | [CVE-2015-1698](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1698) | [Adith Sudhakar](https://www.linkedin.com/pub/adith-sudhakar/45/717/620), VMware |
| [MS15-045](http://go.microsoft.com/fwlink/?linkid=533722) | Windows Journal Remote Code Execution Vulnerability | [CVE-2015-1698](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1698) | Rohit Mothe of [VeriSign iDefense Labs](http://www.verisigninc.com/en_us/cyber-security/index.xhtml) |
| [MS15-045](http://go.microsoft.com/fwlink/?linkid=533722) | Windows Journal Remote Code Execution Vulnerability | [CVE-2015-1699](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1699) | Steven Seeley of [Source Incite](http://srcincite.io/) |
| [MS15-044](http://go.microsoft.com/fwlink/?linkid=533715) | OpenType Font Parsing Vulnerability | [CVE-2015-1670](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1670) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-044](http://go.microsoft.com/fwlink/?linkid=533715) | TrueType Font Parsing Vulnerability | [CVE-2015-1671](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1671) | Dan Caselden of [FireEye, Inc.](https://www.fireeye.com/) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1658](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1658) | Jason Kratzer, working with [VeriSign iDefense Labs](http://labs.idefense.com/) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1658](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1658) | [National Engineering Laboratory for Mobile Internet System and Application Security, China](http://www.islab.net.cn/) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | VBScript ASLR Bypass | [CVE-2015-1684](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1684) | SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer ASLR Bypass | [CVE-2015-1685](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1685) | Hao Linan of 360 Vulcan Team |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer ASLR Bypass | [CVE-2015-1685](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1685) | Dhanesh Kizhakkinan of [FireEye, Inc.](https://www.fireeye.com/) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer ASLR Bypass | [CVE-2015-1685](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1685) | Li Kemeng of [Baidu Scloud XTeam](http://xlab.baidu.com/) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | VBScript and JScript ASLR Bypass | [CVE-2015-1686](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1686) | Bill Finlayson of [BeyondTrust Inc](http://www.beyondtrust.com/) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Elevation of Privilege Vulnerability | [CVE-2015-1688](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1688) | Ashutosh Mehra |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1689](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1689) | Jihui Lu of [KeenTeam](http://www.k33nteam.org/) (@K33nTeam) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1691](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1691) | Jihui Lu of [KeenTeam](http://www.k33nteam.org/) (@K33nTeam) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Clipboard Information Disclosure Vulnerability | [CVE-2015-1692](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1692) | Daniel Trebbien |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Clipboard Information Disclosure Vulnerability | [CVE-2015-1692](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1692) | Vincent Lee of TELUS Security Labs |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1694](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1694) | Jack Tang of [Trend Micro](http://www.trendmicro.com/) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Elevation of Privilege Vulnerability | [CVE-2015-1703](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1703) | Akitsugu |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Elevation of Privilege Vulnerability | [CVE-2015-1704](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1704) | Mario Heiderich |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1705](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1705) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1706](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1706) | Zheng Huang of Baidu Scloud XTeam working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1708](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1708) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1709](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1709) | Jack Tang of [Trend Micro](http://www.trendmicro.com/) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1709](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1709) | Zheng Huang of Baidu Scloud XTeam working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1710](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1710) | Dhanesh Kizhakkinan of [FireEye, Inc.](http://www.fireeye.com/) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1711](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1711) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1712](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1712) | sweetchip@GRAYHASH |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Elevation of Privilege Vulnerability | [CVE-2015-1713](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1713) | Ashutosh Mehra |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1714](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1714) | sweetchip@GRAYHASH, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1717](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1717) | 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-043](http://go.microsoft.com/fwlink/?linkid=533730) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1718](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1718) | Jihui Lu of KeenTeam (@K33nTeam) |
| **April 2015** | |||
| [MS15-042](http://go.microsoft.com/fwlink/?linkid=532644) | Windows Hyper-V DoS Vulnerability | [CVE-2015-1647](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1647) | Dmitry Alikov of [Veeam Software AG](http://www.veeam.com/) |
| [MS15-039](http://go.microsoft.com/fwlink/?linkid=532641) | MSXML3 Same Origin Policy SFB vulnerability | [CVE-2015-1646](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1646) | Hormazd Billimoria, Xiaoran Wang, Sergey Gorbaty, Anton Rager, and Jonathan Brossard of [Salesforce.com](http://salesforce.com/) |
| [MS15-038](http://go.microsoft.com/fwlink/?linkid=532639) | NtCreateTransactionManager Type Confusion Vulnerability | [CVE-2015-1643](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1643) | James Forshaw of [Google Project Zero](https://www.google.com/) |
| [MS15-038](http://go.microsoft.com/fwlink/?linkid=532639) | Windows MS-DOS Device Name Elevation of Privilege Vulnerability | [CVE-2015-1644](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1644) | James Forshaw of [Google Project Zero](https://www.google.com/) |
| [MS15-037](http://go.microsoft.com/fwlink/?linkid=532635) | Task Scheduler Elevation of Privilege Vulnerability | [CVE-2015-0098](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0098) | Renato Ettisberger of [IOprotect GmbH](http://www.ioprotect.ch/) |
| [MS15-035](http://go.microsoft.com/fwlink/?linkid=532631) | EMF Processing Remote Code Execution Vulnerability | [CVE-2015-1645](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1645) | Hossein Lotfi, [Secunia Research](http://secunia.com/) |
| [MS15-034](http://go.microsoft.com/fwlink/?linkid=532630) | HTTP.sys Remote Code Execution Vulnerability | [CVE-2015-1635](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1635) | The Citrix Security Response Team |
| [MS15-033](http://go.microsoft.com/fwlink/?linkid=532628) | Microsoft Outlook App for Mac XSS Vulnerability | [CVE-2015-1639](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1639) | Rakesh Dharmavaram |
| [MS15-033](http://go.microsoft.com/fwlink/?linkid=532628) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-1641](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1641) | The Labs Team of [iSIGHT Partners](http://www.isightpartners.com/) |
| [MS15-033](http://go.microsoft.com/fwlink/?linkid=532628) | Microsoft Office Component Use After Free Vulnerability | [CVE-2015-1649](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1649) | Jack Tang of [Trend Micro](http://www.trendmicro.com/) |
| [MS15-033](http://go.microsoft.com/fwlink/?linkid=532628) | Microsoft Office Component Use After Free Vulnerability | [CVE-2015-1649](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1649) | Dan Caselden of [FireEye, Inc.](http://www.fireeye.com/) |
| [MS15-033](http://go.microsoft.com/fwlink/?linkid=532628) | Microsoft Office Component Use After Free Vulnerability | [CVE-2015-1650](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1650) | 3S Labs, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-033](http://go.microsoft.com/fwlink/?linkid=532628) | Defense-in-depth change in this bulletin | ------------------- | Chris Parmer of [Plotly](https://plot.ly/) |
| [MS15-033](http://go.microsoft.com/fwlink/?linkid=532628) | Microsoft Office Component Use After Free Vulnerability | [CVE-2015-1651](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1651) | Ben Hawkes of [Google Project Zero](https://www.google.com/) |
| [MS15-032](http://go.microsoft.com/fwlink/?linkid=532626) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1652](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1652) | 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-032](http://go.microsoft.com/fwlink/?linkid=532626) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1657](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1657) | Jihui Lu of [KeenTeam](http://www.k33nteam.org/) (@K33nTeam) |
| [MS15-032](http://go.microsoft.com/fwlink/?linkid=532626) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1659](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1659) | Jason Kratzer, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-032](http://go.microsoft.com/fwlink/?linkid=532626) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1660](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1660) | Arthur Gerkis, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-032](http://go.microsoft.com/fwlink/?linkid=532626) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1661](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1661) | AbdulAziz Hariri, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-032](http://go.microsoft.com/fwlink/?linkid=532626) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1665](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1665) | AMol NAik & Garage4Hackers, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-032](http://go.microsoft.com/fwlink/?linkid=532626) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1666](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1666) | b0nd@garage4hackers@, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-032](http://go.microsoft.com/fwlink/?linkid=532626) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1667](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1667) | ca0nguyen, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-032](http://go.microsoft.com/fwlink/?linkid=532626) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1668](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1668) | Omair, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| **March 2015** | |||
| [MS15-029](http://go.microsoft.com/fwlink/?linkid=526464) | JPEG XR Parser Information Disclosure Vulnerability | [CVE-2015-0076](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0076) | Michal Zalewski of [Google Inc.](http://www.google.com/) |
| [MS15-028](http://go.microsoft.com/fwlink/?linkid=526468) | Task Scheduler Security Feature Bypass Vulnerability | [CVE-2015-0084](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0084) | James Forshaw of [Google Project Zero](https://www.google.com/) |
| [MS15-027](http://go.microsoft.com/fwlink/?linkid=522530) | NETLOGON Spoofing Vulnerability | [CVE-2015-0005](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0005) | This vulnerability was discovered and researched by Alberto Solino from Core Security. The publication of [this advisory](http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation) was coordinated by Joaquín Rodríguez Varela from the Core Advisories Team. |
| [MS15-026](http://go.microsoft.com/fwlink/?linkid=526458) | OWA Modified Canary Parameter Cross Site Scripting Vulnerability | [CVE-2015-1628](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1628) | [Francisco Correa](http://cl.linkedin.com/pub/francisco-correa/76/428/7ba/) |
| [MS15-026](http://go.microsoft.com/fwlink/?linkid=526458) | ExchangeDLP Cross Site Scripting Vulnerability | [CVE-2015-1629](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1629) | Adi Ivascu |
| [MS15-026](http://go.microsoft.com/fwlink/?linkid=526458) | Audit Report Cross Site Scripting Vulnerability | [CVE-2015-1630](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1630) | Adi Ivascu |
| [MS15-026](http://go.microsoft.com/fwlink/?linkid=526458) | Exchange Forged Meeting Request Spoofing Vulnerability | [CVE-2015-1631](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1631) | Nicolai Grodum |
| [MS15-026](http://go.microsoft.com/fwlink/?linkid=526458) | Exchange Error Message Cross Site Scripting Vulnerability | [CVE-2015-1632](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1632) | [Darius Petrescu](https://twitter.com/@akkilion_) |
| [MS15-025](http://go.microsoft.com/fwlink/?linkid=526462) | Registry Virtualization Elevation of Privilege Vulnerability | [CVE-2015-0073](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0073) | James Forshaw of [Google Project Zero](https://www.google.com/) |
| [MS15-024](http://go.microsoft.com/fwlink/?linkid=526465) | Malformed PNG Parsing Information Disclosure Vulnerability | [CVE-2015-0080](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0080) | Michal Zalewski of [Google Inc.](http://www.google.com/) |
| [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460) | Microsoft Windows Kernel Memory Disclosure Vulnerability | [CVE-2015-0077](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0077) | WanderingGlitch, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460) | Win32k Elevation of Privilege Vulnerability | [CVE-2015-0078](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0078) | James Forshaw of [Google Project Zero](https://www.google.com/) |
| [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460) | Win32k Elevation of Privilege Vulnerability | [CVE-2015-0078](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0078) | Ashutosh Mehra of Adobe Systems Inc. |
| [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460) | Microsoft Windows Kernel Memory Disclosure Vulnerability | [CVE-2015-0094](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0094) | WanderingGlitch, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460) | Microsoft Windows Kernel Memory Disclosure Vulnerability | [CVE-2015-0095](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0095) | KK of Xuanwu Lab of [Tencent](http://www.tencent.com/) |
| [MS15-022](http://go.microsoft.com/fwlink/?linkid=526461) | Microsoft Office Component Use After Free Vulnerability | [CVE-2015-0085](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0085) | 3S Labs, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-022](http://go.microsoft.com/fwlink/?linkid=526461) | Microsoft Office Memory Corruption Vulnerability | [CVE-2015-0086](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0086) | Ben Hawkes of [Google Project Zero](http://www.google.com/) |
| [MS15-022](http://go.microsoft.com/fwlink/?linkid=526461) | Microsoft Word Local Zone Remote Code Execution Vulnerability | [CVE-2015-0097](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0097) | Eduardo Prado, working with Beyond Security’s [SecuriTeam Secure Disclosure](http://www.beyondsecurity.com/ssd.html) team |
| [MS15-022](http://go.microsoft.com/fwlink/?linkid=526461) | Microsoft SharePoint XSS Vulnerability | [CVE-2015-1633](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1633) | Adi Ivascu |
| [MS15-022](http://go.microsoft.com/fwlink/?linkid=526461) | Microsoft SharePoint XSS Vulnerability | [CVE-2015-1636](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1636) | Adi Ivascu |
| [MS15-021](http://go.microsoft.com/fwlink/?linkid=526457) | Adobe Font Driver Denial of Service Vulnerability | [CVE-2015-0074](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0074) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-021](http://go.microsoft.com/fwlink/?linkid=526457) | Adobe Font Driver Information Disclosure Vulnerability | [CVE-2015-0087](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0087) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-021](http://go.microsoft.com/fwlink/?linkid=526457) | Adobe Font Driver Remote Code Execution Vulnerability | [CVE-2015-0088](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0088) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-021](http://go.microsoft.com/fwlink/?linkid=526457) | Adobe Font Driver Information Disclosure Vulnerability | [CVE-2015-0089](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0089) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-021](http://go.microsoft.com/fwlink/?linkid=526457) | Adobe Font Driver Remote Code Execution Vulnerability | [CVE-2015-0090](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0090) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-021](http://go.microsoft.com/fwlink/?linkid=526457) | Adobe Font Driver Remote Code Execution Vulnerability | [CVE-2015-0091](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0091) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-021](http://go.microsoft.com/fwlink/?linkid=526457) | Adobe Font Driver Remote Code Execution Vulnerability | [CVE-2015-0092](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0092) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-021](http://go.microsoft.com/fwlink/?linkid=526457) | Adobe Font Driver Remote Code Execution Vulnerability | [CVE-2015-0092](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0092) | s3tm3m, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-021](http://go.microsoft.com/fwlink/?linkid=526457) | Adobe Font Driver Remote Code Execution Vulnerability | [CVE-2015-0093](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0093) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
| [MS15-020](http://go.microsoft.com/fwlink/?linkid=526456) | WTS Remote Code Execution Vulnerability | [CVE-2015-0081](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0081) | Garage4Hackers, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-020](http://go.microsoft.com/fwlink/?linkid=526456) | WTS Remote Code Execution Vulnerability | [CVE-2015-0081](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0081) | Francis Provencher of Protek Research Lab’s |
| [MS15-020](http://go.microsoft.com/fwlink/?linkid=526456) | DLL Planting Remote Code Execution Vulnerability | [CVE-2015-0096](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0096) | Michael Heerklotz, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-019](http://go.microsoft.com/fwlink/?linkid=526467) | VBScript Memory Corruption Vulnerability | [CVE-2015-0032](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0032) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) | VBScript Memory Corruption Vulnerability | [CVE-2015-0032](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0032) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0056](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0056) | 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0056](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0056) | Jihui Lu of [KeenTeam](http://www.k33nteam.org/) (@K33nTeam) |
| [MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0099](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0099) | SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0100](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0100) | ca0nguyen, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1622](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1622) | SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1622](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1622) | AMol NAik, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1623](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1623) | 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1624](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1624) | Arthur Gerkis, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1625](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1625) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1626](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1626) | ca0nguyen, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) | Internet Explorer Elevation of Privilege Vulnerability | [CVE-2015-1627](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1627) | Ashutosh Mehra |
| [MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-1634](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1634) | An anonymous researcher, working with Beyond Security’s [SecuriTeam Secure Disclosure](http://www.beyondsecurity.com/ssd.html) team |
| [MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) | Defense-in-depth change in this bulletin | ------------------- | Michal Zalewski of [Google Project Zero](http://www.google.com/) |
| [MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) | Defense-in-depth change in this bulletin | ------------------- | Zhang YunHai, [NSFOCUS Security Team](http://www.nsfocus.com/) |
| [MS15-018](http://go.microsoft.com/fwlink/?linkid=526452) | Defense-in-depth change in this bulletin | ------------------- | Noriaki Iwasaki of [Cyber Defense Institute, Inc.](http://www.cyberdefense.jp/) |
| **February 2015** | |||
| [MS15-016](http://go.microsoft.com/fwlink/?linkid=525539) | TIFF Processing Information Disclosure Vulnerability | [CVE-2015-0061](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0061) | Michal Zalewski of [Google Inc.](http://www.google.com/) |
| [MS15-015](http://go.microsoft.com/fwlink/?linkid=525538) | Windows Create Process Elevation of Privilege Vulnerability | [CVE-2015-0062](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0062) | James Forshaw of [Google Project Zero](https://www.google.com/) |
| [MS15-014](http://go.microsoft.com/fwlink/?linkid=522532) | Group Policy Security Feature Bypass Vulnerability | [CVE-2015-0009](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0009) | Luke Jennings |
| [MS15-012](http://go.microsoft.com/fwlink/?linkid=525537) | Excel Remote Code Execution Vulnerability | [CVE-2015-0063](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0063) | Fermin J. Serna of the [Google Security Team](http://www.google.com/) |
| [MS15-012](http://go.microsoft.com/fwlink/?linkid=525537) | Office Remote Code Execution Vulnerability | [CVE-2015-0064](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0064) | Ben Hawkes of [Google Project Zero](http://www.google.com/) |
| [MS15-012](http://go.microsoft.com/fwlink/?linkid=525537) | OneTableDocumentStream Remote Code Execution Vulnerability | [CVE-2015-0065](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0065) | Ben Hawkes of [Google Project Zero](http://www.google.com/) |
| [MS15-011](http://go.microsoft.com/fwlink/?linkid=525536) | Group Policy Remote Code Execution Vulnerability | [CVE-2015-0008](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0008) | Jeff Schmidt of [JAS Global Advisors](https://www.jasadvisors.com/) |
| [MS15-011](http://go.microsoft.com/fwlink/?linkid=525536) | Group Policy Remote Code Execution Vulnerability | [CVE-2015-0008](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0008) | Dr. Arnoldo Muller-Molina of [simMachines](http://www.simmachines.com/) |
| [MS15-011](http://go.microsoft.com/fwlink/?linkid=525536) | Group Policy Remote Code Execution Vulnerability | [CVE-2015-0008](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0008) | The Internet Corporation for Assigned Names and Numbers ([ICANN](https://www.icann.org/)) |
| [MS15-010](http://go.microsoft.com/fwlink/?linkid=525535) | Win32k Elevation of Privilege Vulnerability | [CVE-2015-0003](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0003) | Marcin Wiazowski, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-010](http://go.microsoft.com/fwlink/?linkid=525535) | CNG Security Feature Bypass Vulnerability | [CVE-2015-0010](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0010) | James Forshaw of [Google Project Zero](https://www.google.com/) |
| [MS15-010](http://go.microsoft.com/fwlink/?linkid=525535) | Win32k Elevation of Privilege Vulnerability | [CVE-2015-0057](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0057) | Udi Yavo, CTO of enSilo |
| [MS15-010](http://go.microsoft.com/fwlink/?linkid=525535) | Windows Cursor Object Double Free Vulnerability | [CVE-2015-0058](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0058) | n3phos, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-010](http://go.microsoft.com/fwlink/?linkid=525535) | TrueType Font Parsing Remote Code Execution Vulnerability | [CVE-2015-0059](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0059) | Cris Neckar of Divergent Security |
| [MS15-010](http://go.microsoft.com/fwlink/?linkid=525535) | Windows Font Driver Denial of Service Vulnerability | [CVE-2015-0060](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0060) | Cris Neckar of Divergent Security |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0017](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0017) | [Aniway.Anyway@gmail.com](mailto:aniway.anyway@gmail.com), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0017](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0017) | Adlab of [Venustech](https://technet.microsoft.com/en-us/library/_venustech.com.cn(v=Security.10)) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0018](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0018) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0019](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0019) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0020](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0020) | Liu Long of [Qihoo 360](http://www.360.cn/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0021](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0021) | Liu Long of [Qihoo 360](http://www.360.cn/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0022](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0022) | Yujie Wen of [Qihoo 360](http://www.360.cn/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0023](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0023) | José A. Vázquez of [VeriSign iDefense Labs](http://labs.idefense.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0025](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0025) | An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0026](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0026) | [Chen Zhang (demi6od)](https://github.com/demi6od) of [NSFOCUS Security Team](http://www.nsfocus.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0027](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0027) | Jason Kratzer, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0028](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0028) | Yujie Wen of [Qihoo 360](http://www.360.cn/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0029](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0029) | Yuki Chen of [Qihoo 360](http://www.360.cn/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0030](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0030) | [Chen Zhang (demi6od)](https://github.com/demi6od) of [NSFOCUS Security Team](http://www.nsfocus.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0031](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0031) | [Aniway.Anyway@gmail.com](mailto:aniway.anyway@gmail.com), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0035](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0035) | Sky, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0035](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0035) | Pawel Wylecial, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0035](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0035) | Li Kemeng of [Baidu Anti-virus Team](http://anquan.baidu.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0036](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0036) | An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0037](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0037) | sweetchip@GRAYHASH, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0038](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0038) | An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0038](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0038) | Dhanesh Kizhakkinan of [FireEye, Inc.](http://www.fireeye.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0038](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0038) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0039](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0039) | Jihui Lu of [KeenTeam](http://www.k33nteam.org/) (@K33nTeam) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0040](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0040) | SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0041](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0041) | 0016EECD9D7159A949DAD3BC17E0A939, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0041](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0041) | An anonymous researcher, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0041](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0041) | Li Kemeng of [Baidu Anti-virus Team](http://anquan.baidu.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0042](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0042) | [Omair](http://krash.in/) working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0043](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0043) | [Omair](http://krash.in/) working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0044](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0044) | ca0nguyen, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0045](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0045) | ca0nguyen, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0045](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0045) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0046](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0046) | Stephen Fewer of [Harmony Security](http://www.harmonysecurity.com/), working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0048](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0048) | SkyLined |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0049](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0049) | SkyLined |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0050](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0050) | SkyLined |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer ASLR Bypass Vulnerability | [CVE-2015-0051](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0051) | SkyLined |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0052](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0052) | SkyLined |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0053](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0053) | SkyLined, working with [HP’s](http://www.hpenterprisesecurity.com/products) [Zero Day Initiative](http://www.zerodayinitiative.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0053](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0053) | Tao Qiu of Huawei's IT Infrastructure & Security Dept, BP & IT |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Elevation of Privilege Vulnerability | [CVE-2015-0055](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0055) | James Forshaw of [Google Project Zero](https://www.google.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0066](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0066) | Edward Torkington of [NCC Group](https://www.nccgroup.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0066](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0066) | Jihui Lu of [KeenTeam](http://www.k33nteam.org/) (@K33nTeam) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0067](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0067) | Peter Vreugdenhil of [exodusintel.com](https://www.exodusintel.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer Memory Corruption Vulnerability | [CVE-2015-0068](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0068) | Bo Qu of [Palo Alto Networks](http://www.paloaltonetworks.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer ASLR Bypass Vulnerability | [CVE-2015-0069](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0069) | Jack Tang of [Trend Micro](http://www.trendmicro.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer ASLR Bypass Vulnerability | [CVE-2015-0071](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0071) | The Labs Team of [iSIGHT Partners](http://www.isightpartners.com/) |
| [MS15-009](http://go.microsoft.com/fwlink/?linkid=525534) | Internet Explorer ASLR Bypass Vulnerability | [CVE-2015-0071](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0071) | Clement Lecigne of [Google Inc.](http://www.google.com/) |
| **January 2015** | |||
| [MS15-008](http://go.microsoft.com/fwlink/?linkid=522533) | WebDAV Elevation of Privilege Vulnerability | [CVE-2015-0011](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0011) | James Forshaw of [Google Project Zero](https://www.google.com/) |
| [MS15-006](http://go.microsoft.com/fwlink/?linkid=522535) | Windows Error Reporting Security Feature Bypass Vulnerability | [CVE-2015-0001](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0001) | Alex Ionescu of Winsider Seminars & Solutions Inc. and CrowdStrike Inc. |
| [MS15-005](http://go.microsoft.com/fwlink/?linkid=522531) | NLA Security Feature Bypass Vulnerability | [CVE-2015-0006](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0006) | Jonas Vestberg of [Sentor](http://www.sentor.se/) |
| [MS15-004](http://go.microsoft.com/fwlink/?linkid=522521) | Directory Traversal Elevation of Privilege Vulnerability | [CVE-2015-0016](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0016) | Liam O’Murchu of [Symantec](http://www.symantec.com/) |
| [MS15-002](http://go.microsoft.com/fwlink/?linkid=522537) | Windows Telnet Service Buffer Overflow Vulnerability | [CVE-2015-0014](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0014) | Daiyuu Nobori and Christopher Hiroshi Higuchi SMITH of the [University of Tsukuba](http://www.tsukuba.ac.jp/) |