Acknowledgments - 2017
Microsoft extends thanks to the following for working with us to help protect customers.
Bulletin ID | Vulnerability Title | CVE ID | Acknowledgment |
---|---|---|---|
March 2017 | |||
MS17-022 | Microsoft XML Core Services Information Disclosure Vulnerability | CVE-2017-0022 | Brooks Li and Joseph C Chen, Trend Micro |
MS17-022 | Microsoft XML Core Services Information Disclosure Vulnerability | CVE-2017-0022 | Will Metcalf and Kafeine of Proofpoint |
MS17-021 | Windows DirectShow Information Disclosure Vulnerabitliy | CVE-2017-0042 | Abdulrahman Alqabandi (@qab) |
MS17-020 | Windows DVD Maker Cross-Site Request Forgery Vulnerability | CVE-2017-0045 | John Page (hyp3rlinx), ApparitionSec |
MS17-018 | Win32k Elevation of Privilege Vulnerability | CVE-2017-0024 | Hao Linan of Qihoo 360 Vulcan Team, working with POC/PwnFest |
MS17-018 | Win32k Elevation of Privilege Vulnerability | CVE-2017-0024 | pgboy of Qihoo 360 Vulcan Team working with POC/PwnFest |
MS17-018 | Win32k Elevation of Privilege Vulnerability | CVE-2017-0024 | zhong_sf of Qihoo 360 Vulcan Team working with POC/PwnFest |
MS17-018 | Win32k Elevation of Privilege Vulnerability | CVE-2017-0026 | Hao Linan of Qihoo 360 Vulcan Team, working with POC/PwnFest |
MS17-018 | Win32k Elevation of Privilege Vulnerability | CVE-2017-0026 | pgboy of Qihoo 360 Vulcan Team working with POC/PwnFest |
MS17-018 | Win32k Elevation of Privilege Vulnerability | CVE-2017-0026 | zhong_sf of Qihoo 360 Vulcan Team working with POC/PwnFest |
MS17-018 | Win32k Elevation of Privilege Vulnerability | CVE-2017-0056 | Peter Hlavaty (@zer0mem), KeenLab, Tencent |
MS17-018 | Win32k Elevation of Privilege Vulnerability | CVE-2017-0056 | pgboy and zhong_sf of Qihoo 360 Vulcan Team |
MS17-018 | Win32k Elevation of Privilege Vulnerability | CVE-2017-0078 | pgboy and zhong_sf of Qihoo 360 Vulcan Team |
MS17-018 | Win32k Elevation of Privilege Vulnerability | CVE-2017-0079 | pgboy and zhong_sf of Qihoo 360 Vulcan Team |
MS17-018 | Win32k Elevation of Privilege Vulnerability | CVE-2017-0080 | pgboy and zhong_sf of Qihoo 360 Vulcan Team |
MS17-018 | Win32k Elevation of Privilege Vulnerability | CVE-2017-0081 | pgboy and zhong_sf of Qihoo 360 Vulcan Team |
MS17-018 | Win32k Elevation of Privilege Vulnerability | CVE-2017-0082 | pgboy and zhong_sf of Qihoo 360 Vulcan Team |
MS17-017 | Windows Elevation of Privilege Vulnerability | CVE-2017-0101 | Peter Hlavaty (@zer0mem), KeenLab, Tencent |
MS17-017 | Windows Registry Elevation of Privilege Vulnerability | CVE-2017-0103 | James Forshaw of Google Project Zero |
MS17-017 | Windows Registry Elevation of Privilege Vulnerability | CVE-2017-0103 | Mateusz Jurczyk of Google Project Zero |
MS17-016 | Microsoft IIS Server XSS Elevation of Privilege Vulnerability | CVE-2017-0055 | David Fernandez of Sidertia Solutions |
MS17-015 | Microsoft Exchange Elevation of Privilege Vulnerability | CVE-2017-0110 | Gabruel Lima (@gabrielpato) |
MS17-014 | Microsoft Office Memory Corruption Vulnerability | CVE-2017-0006 | Yangkang & Liyadong & Wanglu of Qihoo 360 Qex Team |
MS17-014 | Microsoft Office Memory Corruption Vulnerability | CVE-2017-0019 | Tony Loi of Fortinet's FortiGuard Labs |
MS17-014 | Microsoft Office Memory Corruption Vulnerability | CVE-2017-0019 | Steven Vittitoe of Google Project Zero |
MS17-014 | Microsoft Office Memory Corruption Vulnerability | CVE-2017-0020 | Qiang Liu, McAfee |
MS17-014 | Microsoft Office Information Disclosure Vulnerability | CVE-2017-0027 | Jaanus Kääp of Clarified Security |
MS17-014 | Microsoft Office Denial of Service Vulnerability | CVE-2017-0029 | David Wind of XSEC infosec GmbH |
MS17-014 | Microsoft Office Memory Corruption Vulnerability | CVE-2017-0030 | @j00sean |
MS17-014 | Microsoft Office Memory Corruption Vulnerability | CVE-2017-0031 | @j00sean |
MS17-014 | Microsoft Office Memory Corruption Vulnerability | CVE-2017-0052 | Yangkang & Liyadong & Wanglu of Qihoo 360 Qex Team |
MS17-014 | Microsoft Office Memory Corruption Vulnerability | CVE-2017-0053 | Haifei Li of Intel Security |
MS17-014 | Microsoft Office Information Disclosure Vulnerability | CVE-2017-0105 | Fortinet’s FortiGuard Labs |
MS17-014 | Microsoft SharePoint XSS Vulnerability | CVE-2017-0107 | Cheah Khai Ee, (@MercurialSec) |
MS17-014 | Microsoft Lync for Mac Certificate Validation Vulnerability | CVE-2017-0129 | Jerry Decime, Hewlett Packard Enterprise |
MS17-014 | Defense-in-depth | ----------------- | @j00sean |
MS17-013 | Windows GDI Elevation of Privilege Vulnerability | CVE-2017-0001 | Peter Hlavaty (@zer0mem), KeenLab, Tencent |
MS17-013 | Windows GDI Elevation of Privilege Vulnerability | CVE-2017-0005 | Lockheed Martin Computer Incident Response Team |
MS17-013 | Windows Graphics Component Remote Code Execution Vulnerability | CVE-2017-0014 | Hossein Lotfi, Secunia Research at Flexera Software |
MS17-013 | Windows GDI Elevation of Privilege Vulnerability | CVE-2017-0025 | Lokihart working with POC/PwnFest |
MS17-013 | Windows Graphics Component Information Disclosure Vulnerability | CVE-2017-0038 | Mateusz Jurczyk of Google Project Zero |
MS17-013 | Windows GDI Elevation of Privilege Vulnerability | CVE-2017-0047 | bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS17-013 | GDI+ Information Disclosure vulnerability | CVE-2017-0060 | Mateusz Jurczyk of Google Project Zero |
MS17-013 | Microsoft Color Management Information Disclosure vulnerability | CVE-2017-0061 | Mateusz Jurczyk of Google Project Zero |
MS17-013 | GDI+ Information Disclosure Vulnerability | CVE-2017-0062 | Mateusz Jurczyk of Google Project Zero |
MS17-013 | Microsoft Color Management Information Disclosure vulnerability | CVE-2017-0063 | Mateusz Jurczyk of Google Project Zero |
MS17-013 | Windows GDI+ Information Disclosure Vulnerability | CVE-2017-0073 | Symeon Paraschoudis of SensePost |
MS17-013 | Graphics Component Remote Code Execution Vulnerability | CVE-2017-0108 | Mateusz Jurczyk of Google Project Zero |
MS17-012 | Device Guard Security Feature Bypass Vulnerability | CVE-2017-0007 | Matt Nelson (@enigma0x3) |
MS17-012 | Windows DLL Loading Remote Code Execution Vulnerability | CVE-2017-0039 | lywang of Tencent’s Xuanwu LAB |
MS17-012 | Windows DNS Query Information Disclosure Vulnerability | CVE-2017-0057 | Martin Knafve - |
MS17-012 | Windows COM Elevation of Privilege Vulnerability | CVE-2017-0100 | James Forshaw of Google Project Zero |
MS17-012 | iSNS Server Memory Corruption Vulnerability | CVE-2017-0104 | Fortinet’s FortiGuard Labs |
MS17-011 | Uniscribe Remote Code Execution Vulnerability | CVE-2017-0072 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Remote Code Execution Vulnerability | CVE-2017-0083 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Remote Code Execution Vulnerability | CVE-2017-0084 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0085 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Remote Code Execution Vulnerability | CVE-2017-0086 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Remote Code Execution Vulnerability | CVE-2017-0087 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Remote Code Execution Vulnerability | CVE-2017-0088 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Remote Code Execution Vulnerability | CVE-2017-0089 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Remote Code Execution Vulnerability | CVE-2017-0090 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0091 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0092 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0111 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0112 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0113 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0114 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0115 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0116 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0117 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0118 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0119 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0120 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0121 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0122 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0123 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0124 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0125 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0126 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0127 | Mateusz Jurczyk of Google Project Zero |
MS17-011 | Uniscribe Information Disclosure Vulnerability | CVE-2017-0128 | Mateusz Jurczyk of Google Project Zero |
MS17-009 | Microsoft PDF Memory Corruption Vulnerability | CVE-2017-0023 | Henry Li (zenhumany) of Trend Micro |
MS17-008 | Hyper-V vSMB Remote Code Execution Vulnerability | CVE-2017-0021 | Saruhan Karademir |
MS17-008 | Hyper-V vSMB Remote Code Execution Vulnerability | CVE-2017-0021 | Jordan Rabet, Microsoft Offensive Security Research Team |
MS17-008 | Microsoft Hyper-V Network Switch Denial of Service Vulnerability | CVE-2017-0051 | Peter Hlavaty (@zer0mem), KeenLab, Tencent |
MS17-008 | Hyper-V Denial of Service Vulnerability | CVE-2017-0074 | Alexander Malysh, Microsoft Network Virtualization Team |
MS17-008 | Hyper-V Denial of Service Vulnerability | CVE-2017-0074 | Sumit Dhoble, Microsoft Network Virtualization Team |
MS17-008 | Hyper-V Remote Code Execution Vulnerability | CVE-2017-0075 | Jordan Rabet, Microsoft Offensive Security Research Team |
MS17-008 | Hyper-V Denial of Service Vulnerability | CVE-2017-0076 | Joe Bialek, MSRC Vulnerabilities and Mitigations Team |
MS17-008 | Hyper-V vSMB Remote Code Execution Vulnerability | CVE-2017-0095 | Jonathan Bar Or, Windows Defender ATP Research Team |
MS17-008 | Hyper-V Information Disclosure Vulnerability | CVE-2017-0096 | Jordan Rabet, Microsoft Offensive Security Research Team |
MS17-008 | Hyper-V Denial of Service Vulnerability | CVE-2017-0097 | MSRC Vulnerabilities and Mitigations Team |
MS17-008 | Hyper-V Denial of Service Vulnerability | CVE-2017-0097 | Lakewood Communications |
MS17-008 | Hyper-V Denial of Service Vulnerability | CVE-2017-0099 | Jordan Rabet, Microsoft Offensive Security Research Team |
MS17-008 | Hyper-V Remote Code Execution Vulnerability | CVE-2017-0109 | MSRC Vulnerabilities and Mitigations Team |
MS17-008 | Defense-in-depth | ----------------- | Yanhui Zhao, Ke Sun of Intel SeCoE Ya Ou, Xiaomin Song, Xiaoning Li of Intel Labs |
MS17-007 | Microsoft Browser Information Disclosure Vulnerability | CVE-2017-0009 | Scott Bell of Security-Assessment.com |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0010 | Zhang Hanming of Qihoo 360 Vulcan Team |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0010 | Dhanesh Kizhakkinan of FireEye Inc |
MS17-007 | Microsoft Edge Information Disclosure Vulnerability | CVE-2017-0011 | Suto, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS17-007 | Microsoft Browser Spoofing Vulnerability | CVE-2017-0012 | Zhang Lin, https://xsseng.com |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0015 | Lokihart working with POC/PwnFest |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0015 | Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0015 | Qixun Zhao of Qihoo 360 Skyeye Labs |
MS17-007 | Microsoft Edge Information Disclosure Vulnerability | CVE-2017-0017 | Masato Kinugawa of Cure53 |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0032 | Hao Linan of Qihoo 360 Vulcan Team |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0032 | Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0032 | Qixun Zhao of Qihoo 360 Skyeye Labs |
MS17-007 | Microsoft Edge Memory Corruption Vulnerability | CVE-2017-0034 | Zhong Zhaochen (@asnine) of Neusoft |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0035 | Dhanesh Kizhakkinan of FireEye Inc |
MS17-007 | Microsoft Browser Memory Corruption Vulnerability | CVE-2017-0037 | Ivan Fratric working with Google Project Zero |
MS17-007 | Microsoft Browser Information Disclosure Vulnerability | CVE-2017-0065 | Henri Aho - |
MS17-007 | Microsoft Browser Security Feature Bypass Vulnerability | CVE-2017-0066 | Jun Kokatsu (@shhnjk) |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0067 | Dhanesh Kizhakkinan of FireEye Inc |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0067 | Gary Kwong |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0067 | bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0067 | Henry Li (zenhumany) of Trend Micro |
MS17-007 | Microsoft Browser Information Disclosure Vulnerability | CVE-2017-0068 | Jun Kokatsu (@shhnjk) |
MS17-007 | Microsoft Edge Spoofing Vulnerability | CVE-2017-0069 | Jun Kokatsu (@shhnjk) |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0070 | Lokihart of Google Project Zero |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0071 | Lokihart of Google Project Zero |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0094 | bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI) |
MS17-007 | Microsoft Edge Memory Corruption Vulnerability | CVE-2017-0131 | Dhanesh Kizhakkinan of FireEye Inc |
MS17-007 | Microsoft Edge Memory Corruption Vulnerability | CVE-2017-0132 | Microsoft Chakra Core Team |
MS17-007 | Scripting Engine Memory Corruption Vulnerabilty | CVE-2017-0133 | Dhanesh Kizhakkinan of FireEye Inc |
MS17-007 | Microsoft Edge Security Feature Bypass | CVE-2017-0134 | Jordan Rabet, Microsoft Offensive Security Research Team |
MS17-007 | Microsoft Edge Security Feature Bypass | CVE-2017-0135 | Xiaoyin Liu (@general_nfs) |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0136 | Michael Holman, Microsoft Chakra Core Team |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0137 | Nicolas Joly of MSRCE UK |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0138 | Scott Bell of Security-Assessment.com |
MS17-007 | Microsoft Edge Security Feature Bypass | CVE-2017-0140 | Yorick Koster of Securify B.V. |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0141 | Semmle Inc |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0150 | Microsoft ChakraCore Team |
MS17-007 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0151 | Microsoft ChakraCore Team |
MS17-006 | Microsoft Browser Information Disclosure Vulnerability | CVE-2017-0009 | Scott Bell of Security-Assessment.com |
MS17-006 | Internet Explorer Memory Corruption Vulnerability | CVE-2017-0018 | Kai Song exp-sky of Tencent's Xuanwu Lab, working with Trend Micro's Zero Day Initiative (ZDI) |
MS17-006 | Microsoft Browser Memory Corruption Vulnerability | CVE-2017-0037 | Ivan Fratric working with Google Project Zero |
MS17-006 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0040 | Scott Bell of Security-Assessment.com |
MS17-006 | Scripting Engine Information Disclosure Vulnerability | CVE-2017-0049 | Scott Bell of Security-Assessment.com |
MS17-006 | Internet Explorer Information Disclosure Vulnerability | CVE-2017-0059 | Ivan Fratric of Google Project Zero |
MS17-006 | Scripting Engine Memory Corruption Vulnerability | CVE-2017-0130 | Scott Bell of Security-Assessment.com |
January 2017 | |||
MS17-004 | Local Security Authority Subsystem Service Denial of Service Vulnerability | CVE-2017-0004 | Nicolás Economou of Core Security |
MS17-004 | Local Security Authority Subsystem Service Denial of Service Vulnerability | CVE-2017-0004 | Laurent Gaffie |
MS17-002 | Microsoft Office Memory Corruption Vulnerability | CVE-2017-0003 | Tony Loi of Fortinet’s FortiGuard Labs |
3109853 | Defense-in-depth | ----------------- | Thanks to Aaron Coleman, Fitabase, for assistance in identifying the issue. |