Acknowledgments - 2017

Article
10/14/2022

Microsoft extends thanks to the following for working with us to help protect customers.

Bulletin ID	Vulnerability Title	CVE ID	Acknowledgment
March 2017
MS17-022	Microsoft XML Core Services Information Disclosure Vulnerability	CVE-2017-0022	Brooks Li and Joseph C Chen, Trend Micro
MS17-022	Microsoft XML Core Services Information Disclosure Vulnerability	CVE-2017-0022	Will Metcalf and Kafeine of Proofpoint
MS17-021	Windows DirectShow Information Disclosure Vulnerabitliy	CVE-2017-0042	Abdulrahman Alqabandi (@qab)
MS17-020	Windows DVD Maker Cross-Site Request Forgery Vulnerability	CVE-2017-0045	John Page (hyp3rlinx), ApparitionSec
MS17-018	Win32k Elevation of Privilege Vulnerability	CVE-2017-0024	Hao Linan of Qihoo 360 Vulcan Team, working with POC/PwnFest
MS17-018	Win32k Elevation of Privilege Vulnerability	CVE-2017-0024	pgboy of Qihoo 360 Vulcan Team working with POC/PwnFest
MS17-018	Win32k Elevation of Privilege Vulnerability	CVE-2017-0024	zhong_sf of Qihoo 360 Vulcan Team working with POC/PwnFest
MS17-018	Win32k Elevation of Privilege Vulnerability	CVE-2017-0026	Hao Linan of Qihoo 360 Vulcan Team, working with POC/PwnFest
MS17-018	Win32k Elevation of Privilege Vulnerability	CVE-2017-0026	pgboy of Qihoo 360 Vulcan Team working with POC/PwnFest
MS17-018	Win32k Elevation of Privilege Vulnerability	CVE-2017-0026	zhong_sf of Qihoo 360 Vulcan Team working with POC/PwnFest
MS17-018	Win32k Elevation of Privilege Vulnerability	CVE-2017-0056	Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS17-018	Win32k Elevation of Privilege Vulnerability	CVE-2017-0056	pgboy and zhong_sf of Qihoo 360 Vulcan Team
MS17-018	Win32k Elevation of Privilege Vulnerability	CVE-2017-0078	pgboy and zhong_sf of Qihoo 360 Vulcan Team
MS17-018	Win32k Elevation of Privilege Vulnerability	CVE-2017-0079	pgboy and zhong_sf of Qihoo 360 Vulcan Team
MS17-018	Win32k Elevation of Privilege Vulnerability	CVE-2017-0080	pgboy and zhong_sf of Qihoo 360 Vulcan Team
MS17-018	Win32k Elevation of Privilege Vulnerability	CVE-2017-0081	pgboy and zhong_sf of Qihoo 360 Vulcan Team
MS17-018	Win32k Elevation of Privilege Vulnerability	CVE-2017-0082	pgboy and zhong_sf of Qihoo 360 Vulcan Team
MS17-017	Windows Elevation of Privilege Vulnerability	CVE-2017-0101	Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS17-017	Windows Registry Elevation of Privilege Vulnerability	CVE-2017-0103	James Forshaw of Google Project Zero
MS17-017	Windows Registry Elevation of Privilege Vulnerability	CVE-2017-0103	Mateusz Jurczyk of Google Project Zero
MS17-016	Microsoft IIS Server XSS Elevation of Privilege Vulnerability	CVE-2017-0055	David Fernandez of Sidertia Solutions
MS17-015	Microsoft Exchange Elevation of Privilege Vulnerability	CVE-2017-0110	Gabruel Lima (@gabrielpato)
MS17-014	Microsoft Office Memory Corruption Vulnerability	CVE-2017-0006	Yangkang & Liyadong & Wanglu of Qihoo 360 Qex Team
MS17-014	Microsoft Office Memory Corruption Vulnerability	CVE-2017-0019	Tony Loi of Fortinet's FortiGuard Labs
MS17-014	Microsoft Office Memory Corruption Vulnerability	CVE-2017-0019	Steven Vittitoe of Google Project Zero
MS17-014	Microsoft Office Memory Corruption Vulnerability	CVE-2017-0020	Qiang Liu, McAfee
MS17-014	Microsoft Office Information Disclosure Vulnerability	CVE-2017-0027	Jaanus Kääp of Clarified Security
MS17-014	Microsoft Office Denial of Service Vulnerability	CVE-2017-0029	David Wind of XSEC infosec GmbH
MS17-014	Microsoft Office Memory Corruption Vulnerability	CVE-2017-0030	@j00sean
MS17-014	Microsoft Office Memory Corruption Vulnerability	CVE-2017-0031	@j00sean
MS17-014	Microsoft Office Memory Corruption Vulnerability	CVE-2017-0052	Yangkang & Liyadong & Wanglu of Qihoo 360 Qex Team
MS17-014	Microsoft Office Memory Corruption Vulnerability	CVE-2017-0053	Haifei Li of Intel Security
MS17-014	Microsoft Office Information Disclosure Vulnerability	CVE-2017-0105	Fortinet’s FortiGuard Labs
MS17-014	Microsoft SharePoint XSS Vulnerability	CVE-2017-0107	Cheah Khai Ee, (@MercurialSec)
MS17-014	Microsoft Lync for Mac Certificate Validation Vulnerability	CVE-2017-0129	Jerry Decime, Hewlett Packard Enterprise
MS17-014	Defense-in-depth	-----------------	@j00sean
MS17-013	Windows GDI Elevation of Privilege Vulnerability	CVE-2017-0001	Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS17-013	Windows GDI Elevation of Privilege Vulnerability	CVE-2017-0005	Lockheed Martin Computer Incident Response Team
MS17-013	Windows Graphics Component Remote Code Execution Vulnerability	CVE-2017-0014	Hossein Lotfi, Secunia Research at Flexera Software
MS17-013	Windows GDI Elevation of Privilege Vulnerability	CVE-2017-0025	Lokihart working with POC/PwnFest
MS17-013	Windows Graphics Component Information Disclosure Vulnerability	CVE-2017-0038	Mateusz Jurczyk of Google Project Zero
MS17-013	Windows GDI Elevation of Privilege Vulnerability	CVE-2017-0047	bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)
MS17-013	GDI+ Information Disclosure vulnerability	CVE-2017-0060	Mateusz Jurczyk of Google Project Zero
MS17-013	Microsoft Color Management Information Disclosure vulnerability	CVE-2017-0061	Mateusz Jurczyk of Google Project Zero
MS17-013	GDI+ Information Disclosure Vulnerability	CVE-2017-0062	Mateusz Jurczyk of Google Project Zero
MS17-013	Microsoft Color Management Information Disclosure vulnerability	CVE-2017-0063	Mateusz Jurczyk of Google Project Zero
MS17-013	Windows GDI+ Information Disclosure Vulnerability	CVE-2017-0073	Symeon Paraschoudis of SensePost
MS17-013	Graphics Component Remote Code Execution Vulnerability	CVE-2017-0108	Mateusz Jurczyk of Google Project Zero
MS17-012	Device Guard Security Feature Bypass Vulnerability	CVE-2017-0007	Matt Nelson (@enigma0x3)
MS17-012	Windows DLL Loading Remote Code Execution Vulnerability	CVE-2017-0039	lywang of Tencent’s Xuanwu LAB
MS17-012	Windows DNS Query Information Disclosure Vulnerability	CVE-2017-0057	Martin Knafve -
MS17-012	Windows COM Elevation of Privilege Vulnerability	CVE-2017-0100	James Forshaw of Google Project Zero
MS17-012	iSNS Server Memory Corruption Vulnerability	CVE-2017-0104	Fortinet’s FortiGuard Labs
MS17-011	Uniscribe Remote Code Execution Vulnerability	CVE-2017-0072	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Remote Code Execution Vulnerability	CVE-2017-0083	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Remote Code Execution Vulnerability	CVE-2017-0084	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0085	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Remote Code Execution Vulnerability	CVE-2017-0086	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Remote Code Execution Vulnerability	CVE-2017-0087	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Remote Code Execution Vulnerability	CVE-2017-0088	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Remote Code Execution Vulnerability	CVE-2017-0089	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Remote Code Execution Vulnerability	CVE-2017-0090	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0091	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0092	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0111	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0112	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0113	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0114	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0115	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0116	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0117	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0118	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0119	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0120	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0121	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0122	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0123	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0124	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0125	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0126	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0127	Mateusz Jurczyk of Google Project Zero
MS17-011	Uniscribe Information Disclosure Vulnerability	CVE-2017-0128	Mateusz Jurczyk of Google Project Zero
MS17-009	Microsoft PDF Memory Corruption Vulnerability	CVE-2017-0023	Henry Li (zenhumany) of Trend Micro
MS17-008	Hyper-V vSMB Remote Code Execution Vulnerability	CVE-2017-0021	Saruhan Karademir
MS17-008	Hyper-V vSMB Remote Code Execution Vulnerability	CVE-2017-0021	Jordan Rabet, Microsoft Offensive Security Research Team
MS17-008	Microsoft Hyper-V Network Switch Denial of Service Vulnerability	CVE-2017-0051	Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS17-008	Hyper-V Denial of Service Vulnerability	CVE-2017-0074	Alexander Malysh, Microsoft Network Virtualization Team
MS17-008	Hyper-V Denial of Service Vulnerability	CVE-2017-0074	Sumit Dhoble, Microsoft Network Virtualization Team
MS17-008	Hyper-V Remote Code Execution Vulnerability	CVE-2017-0075	Jordan Rabet, Microsoft Offensive Security Research Team
MS17-008	Hyper-V Denial of Service Vulnerability	CVE-2017-0076	Joe Bialek, MSRC Vulnerabilities and Mitigations Team
MS17-008	Hyper-V vSMB Remote Code Execution Vulnerability	CVE-2017-0095	Jonathan Bar Or, Windows Defender ATP Research Team
MS17-008	Hyper-V Information Disclosure Vulnerability	CVE-2017-0096	Jordan Rabet, Microsoft Offensive Security Research Team
MS17-008	Hyper-V Denial of Service Vulnerability	CVE-2017-0097	MSRC Vulnerabilities and Mitigations Team
MS17-008	Hyper-V Denial of Service Vulnerability	CVE-2017-0097	Lakewood Communications
MS17-008	Hyper-V Denial of Service Vulnerability	CVE-2017-0099	Jordan Rabet, Microsoft Offensive Security Research Team
MS17-008	Hyper-V Remote Code Execution Vulnerability	CVE-2017-0109	MSRC Vulnerabilities and Mitigations Team
MS17-008	Defense-in-depth	-----------------	Yanhui Zhao, Ke Sun of Intel SeCoE Ya Ou, Xiaomin Song, Xiaoning Li of Intel Labs
MS17-007	Microsoft Browser Information Disclosure Vulnerability	CVE-2017-0009	Scott Bell of Security-Assessment.com
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0010	Zhang Hanming of Qihoo 360 Vulcan Team
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0010	Dhanesh Kizhakkinan of FireEye Inc
MS17-007	Microsoft Edge Information Disclosure Vulnerability	CVE-2017-0011	Suto, working with Trend Micro’s Zero Day Initiative (ZDI)
MS17-007	Microsoft Browser Spoofing Vulnerability	CVE-2017-0012	Zhang Lin, https://xsseng.com
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0015	Lokihart working with POC/PwnFest
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0015	Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI)
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0015	Qixun Zhao of Qihoo 360 Skyeye Labs
MS17-007	Microsoft Edge Information Disclosure Vulnerability	CVE-2017-0017	Masato Kinugawa of Cure53
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0032	Hao Linan of Qihoo 360 Vulcan Team
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0032	Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI)
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0032	Qixun Zhao of Qihoo 360 Skyeye Labs
MS17-007	Microsoft Edge Memory Corruption Vulnerability	CVE-2017-0034	Zhong Zhaochen (@asnine) of Neusoft
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0035	Dhanesh Kizhakkinan of FireEye Inc
MS17-007	Microsoft Browser Memory Corruption Vulnerability	CVE-2017-0037	Ivan Fratric working with Google Project Zero
MS17-007	Microsoft Browser Information Disclosure Vulnerability	CVE-2017-0065	Henri Aho -
MS17-007	Microsoft Browser Security Feature Bypass Vulnerability	CVE-2017-0066	Jun Kokatsu (@shhnjk)
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0067	Dhanesh Kizhakkinan of FireEye Inc
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0067	Gary Kwong
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0067	bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0067	Henry Li (zenhumany) of Trend Micro
MS17-007	Microsoft Browser Information Disclosure Vulnerability	CVE-2017-0068	Jun Kokatsu (@shhnjk)
MS17-007	Microsoft Edge Spoofing Vulnerability	CVE-2017-0069	Jun Kokatsu (@shhnjk)
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0070	Lokihart of Google Project Zero
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0071	Lokihart of Google Project Zero
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0094	bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)
MS17-007	Microsoft Edge Memory Corruption Vulnerability	CVE-2017-0131	Dhanesh Kizhakkinan of FireEye Inc
MS17-007	Microsoft Edge Memory Corruption Vulnerability	CVE-2017-0132	Microsoft Chakra Core Team
MS17-007	Scripting Engine Memory Corruption Vulnerabilty	CVE-2017-0133	Dhanesh Kizhakkinan of FireEye Inc
MS17-007	Microsoft Edge Security Feature Bypass	CVE-2017-0134	Jordan Rabet, Microsoft Offensive Security Research Team
MS17-007	Microsoft Edge Security Feature Bypass	CVE-2017-0135	Xiaoyin Liu (@general_nfs)
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0136	Michael Holman, Microsoft Chakra Core Team
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0137	Nicolas Joly of MSRCE UK
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0138	Scott Bell of Security-Assessment.com
MS17-007	Microsoft Edge Security Feature Bypass	CVE-2017-0140	Yorick Koster of Securify B.V.
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0141	Semmle Inc
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0150	Microsoft ChakraCore Team
MS17-007	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0151	Microsoft ChakraCore Team
MS17-006	Microsoft Browser Information Disclosure Vulnerability	CVE-2017-0009	Scott Bell of Security-Assessment.com
MS17-006	Internet Explorer Memory Corruption Vulnerability	CVE-2017-0018	Kai Song exp-sky of Tencent's Xuanwu Lab, working with Trend Micro's Zero Day Initiative (ZDI)
MS17-006	Microsoft Browser Memory Corruption Vulnerability	CVE-2017-0037	Ivan Fratric working with Google Project Zero
MS17-006	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0040	Scott Bell of Security-Assessment.com
MS17-006	Scripting Engine Information Disclosure Vulnerability	CVE-2017-0049	Scott Bell of Security-Assessment.com
MS17-006	Internet Explorer Information Disclosure Vulnerability	CVE-2017-0059	Ivan Fratric of Google Project Zero
MS17-006	Scripting Engine Memory Corruption Vulnerability	CVE-2017-0130	Scott Bell of Security-Assessment.com
January 2017
MS17-004	Local Security Authority Subsystem Service Denial of Service Vulnerability	CVE-2017-0004	Nicolás Economou of Core Security
MS17-004	Local Security Authority Subsystem Service Denial of Service Vulnerability	CVE-2017-0004	Laurent Gaffie
MS17-002	Microsoft Office Memory Corruption Vulnerability	CVE-2017-0003	Tony Loi of Fortinet’s FortiGuard Labs
3109853	Defense-in-depth	-----------------	Thanks to Aaron Coleman, Fitabase, for assistance in identifying the issue.

Acknowledgments - 2017

Additional resources