Acknowledgments – 2017

Microsoft extends thanks to the following for working with us to help protect customers.

Bulletin ID Vulnerability Title CVE ID Acknowledgment
March 2017
MS17-022 Microsoft XML Core Services Information Disclosure Vulnerability CVE-2017-0022 Brooks Li and Joseph C Chen, Trend Micro
MS17-022 Microsoft XML Core Services Information Disclosure Vulnerability CVE-2017-0022 Will Metcalf and Kafeine of Proofpoint
MS17-021 Windows DirectShow Information Disclosure Vulnerabitliy CVE-2017-0042 Abdulrahman Alqabandi (@qab)
MS17-020 Windows DVD Maker Cross-Site Request Forgery Vulnerability CVE-2017-0045 John Page (hyp3rlinx), ApparitionSec
MS17-018 Win32k Elevation of Privilege Vulnerability CVE-2017-0024 Hao Linan of Qihoo 360 Vulcan Team, working with POC/PwnFest
MS17-018 Win32k Elevation of Privilege Vulnerability CVE-2017-0024 pgboy of Qihoo 360 Vulcan Team working with POC/PwnFest
MS17-018 Win32k Elevation of Privilege Vulnerability CVE-2017-0024 zhong_sf of Qihoo 360 Vulcan Team working with POC/PwnFest
MS17-018 Win32k Elevation of Privilege Vulnerability CVE-2017-0026 Hao Linan of Qihoo 360 Vulcan Team, working with POC/PwnFest
MS17-018 Win32k Elevation of Privilege Vulnerability CVE-2017-0026 pgboy of Qihoo 360 Vulcan Team working with POC/PwnFest
MS17-018 Win32k Elevation of Privilege Vulnerability CVE-2017-0026 zhong_sf of Qihoo 360 Vulcan Team working with POC/PwnFest
MS17-018 Win32k Elevation of Privilege Vulnerability CVE-2017-0056 Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS17-018 Win32k Elevation of Privilege Vulnerability CVE-2017-0056 pgboy and zhong_sf of Qihoo 360 Vulcan Team
MS17-018 Win32k Elevation of Privilege Vulnerability CVE-2017-0078 pgboy and zhong_sf of Qihoo 360 Vulcan Team
MS17-018 Win32k Elevation of Privilege Vulnerability CVE-2017-0079 pgboy and zhong_sf of Qihoo 360 Vulcan Team
MS17-018 Win32k Elevation of Privilege Vulnerability CVE-2017-0080 pgboy and zhong_sf of Qihoo 360 Vulcan Team
MS17-018 Win32k Elevation of Privilege Vulnerability CVE-2017-0081 pgboy and zhong_sf of Qihoo 360 Vulcan Team
MS17-018 Win32k Elevation of Privilege Vulnerability CVE-2017-0082 pgboy and zhong_sf of Qihoo 360 Vulcan Team
MS17-017 Windows Elevation of Privilege Vulnerability CVE-2017-0101 Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS17-017 Windows Registry Elevation of Privilege Vulnerability CVE-2017-0103 James Forshaw of Google Project Zero
MS17-017 Windows Registry Elevation of Privilege Vulnerability CVE-2017-0103 Mateusz Jurczyk of Google Project Zero
MS17-016 Microsoft IIS Server XSS Elevation of Privilege Vulnerability CVE-2017-0055 David Fernandez of Sidertia Solutions
MS17-015 Microsoft Exchange Elevation of Privilege Vulnerability CVE-2017-0110 Gabruel Lima (@gabrielpato)
MS17-014 Microsoft Office Memory Corruption Vulnerability CVE-2017-0006 Yangkang & Liyadong & Wanglu of Qihoo 360 Qex Team
MS17-014 Microsoft Office Memory Corruption Vulnerability CVE-2017-0019 Tony Loi of Fortinet's FortiGuard Labs
MS17-014 Microsoft Office Memory Corruption Vulnerability CVE-2017-0019 Steven Vittitoe of Google Project Zero
MS17-014 Microsoft Office Memory Corruption Vulnerability CVE-2017-0020 Qiang Liu, McAfee
MS17-014 Microsoft Office Information Disclosure Vulnerability CVE-2017-0027 Jaanus Kääp of Clarified Security
MS17-014 Microsoft Office Denial of Service Vulnerability CVE-2017-0029 David Wind of XSEC infosec GmbH
MS17-014 Microsoft Office Memory Corruption Vulnerability CVE-2017-0030 @j00sean
MS17-014 Microsoft Office Memory Corruption Vulnerability CVE-2017-0031 @j00sean
MS17-014 Microsoft Office Memory Corruption Vulnerability CVE-2017-0052 Yangkang & Liyadong & Wanglu of Qihoo 360 Qex Team
MS17-014 Microsoft Office Memory Corruption Vulnerability CVE-2017-0053 Haifei Li of Intel Security
MS17-014 Microsoft Office Information Disclosure Vulnerability CVE-2017-0105 Fortinet’s FortiGuard Labs
MS17-014 Microsoft SharePoint XSS Vulnerability CVE-2017-0107 Cheah Khai Ee, (@MercurialSec)
MS17-014 Microsoft Lync for Mac Certificate Validation Vulnerability CVE-2017-0129 Jerry Decime, Hewlett Packard Enterprise
MS17-014 Defense-in-depth ----------------- @j00sean
MS17-013 Windows GDI Elevation of Privilege Vulnerability CVE-2017-0001 Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS17-013 Windows GDI Elevation of Privilege Vulnerability CVE-2017-0005 Lockheed Martin Computer Incident Response Team
MS17-013 Windows Graphics Component Remote Code Execution Vulnerability CVE-2017-0014 Hossein Lotfi, Secunia Research at Flexera Software
MS17-013 Windows GDI Elevation of Privilege Vulnerability CVE-2017-0025 Lokihart working with POC/PwnFest
MS17-013 Windows Graphics Component Information Disclosure Vulnerability CVE-2017-0038 Mateusz Jurczyk of Google Project Zero
MS17-013 Windows GDI Elevation of Privilege Vulnerability CVE-2017-0047 bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)
MS17-013 GDI+ Information Disclosure vulnerability CVE-2017-0060 Mateusz Jurczyk of Google Project Zero
MS17-013 Microsoft Color Management Information Disclosure vulnerability CVE-2017-0061 Mateusz Jurczyk of Google Project Zero
MS17-013 GDI+ Information Disclosure Vulnerability CVE-2017-0062 Mateusz Jurczyk of Google Project Zero
MS17-013 Microsoft Color Management Information Disclosure vulnerability CVE-2017-0063 Mateusz Jurczyk of Google Project Zero
MS17-013 Windows GDI+ Information Disclosure Vulnerability CVE-2017-0073 Symeon Paraschoudis of SensePost
MS17-013 Graphics Component Remote Code Execution Vulnerability CVE-2017-0108 Mateusz Jurczyk of Google Project Zero
MS17-012 Device Guard Security Feature Bypass Vulnerability CVE-2017-0007 Matt Nelson (@enigma0x3)
MS17-012 Windows DLL Loading Remote Code Execution Vulnerability CVE-2017-0039 lywang of Tencent’s Xuanwu LAB
MS17-012 Windows DNS Query Information Disclosure Vulnerability CVE-2017-0057 Martin Knafve - http://martinknafve.com/
MS17-012 Windows COM Elevation of Privilege Vulnerability CVE-2017-0100 James Forshaw of Google Project Zero
MS17-012 iSNS Server Memory Corruption Vulnerability CVE-2017-0104 Fortinet’s FortiGuard Labs
MS17-011 Uniscribe Remote Code Execution Vulnerability CVE-2017-0072 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Remote Code Execution Vulnerability CVE-2017-0083 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Remote Code Execution Vulnerability CVE-2017-0084 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0085 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Remote Code Execution Vulnerability CVE-2017-0086 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Remote Code Execution Vulnerability CVE-2017-0087 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Remote Code Execution Vulnerability CVE-2017-0088 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Remote Code Execution Vulnerability CVE-2017-0089 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Remote Code Execution Vulnerability CVE-2017-0090 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0091 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0092 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0111 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0112 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0113 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0114 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0115 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0116 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0117 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0118 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0119 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0120 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0121 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0122 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0123 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0124 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0125 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0126 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0127 Mateusz Jurczyk of Google Project Zero
MS17-011 Uniscribe Information Disclosure Vulnerability CVE-2017-0128 Mateusz Jurczyk of Google Project Zero
MS17-009 Microsoft PDF Memory Corruption Vulnerability CVE-2017-0023 Henry Li (zenhumany) of Trend Micro
MS17-008 Hyper-V vSMB Remote Code Execution Vulnerability CVE-2017-0021 Saruhan Karademir
MS17-008 Hyper-V vSMB Remote Code Execution Vulnerability CVE-2017-0021 Jordan Rabet, Microsoft Offensive Security Research Team
MS17-008 Microsoft Hyper-V Network Switch Denial of Service Vulnerability CVE-2017-0051 Peter Hlavaty (@zer0mem), KeenLab, Tencent
MS17-008 Hyper-V Denial of Service Vulnerability CVE-2017-0074 Alexander Malysh, Microsoft Network Virtualization Team
MS17-008 Hyper-V Denial of Service Vulnerability CVE-2017-0074 Sumit Dhoble, Microsoft Network Virtualization Team
MS17-008 Hyper-V Remote Code Execution Vulnerability CVE-2017-0075 Jordan Rabet, Microsoft Offensive Security Research Team
MS17-008 Hyper-V Denial of Service Vulnerability CVE-2017-0076 Joe Bialek, MSRC Vulnerabilities and Mitigations Team
MS17-008 Hyper-V vSMB Remote Code Execution Vulnerability CVE-2017-0095 Jonathan Bar Or, Windows Defender ATP Research Team
MS17-008 Hyper-V Information Disclosure Vulnerability CVE-2017-0096 Jordan Rabet, Microsoft Offensive Security Research Team
MS17-008 Hyper-V Denial of Service Vulnerability CVE-2017-0097 MSRC Vulnerabilities and Mitigations Team
MS17-008 Hyper-V Denial of Service Vulnerability CVE-2017-0097 Lakewood Communications
MS17-008 Hyper-V Denial of Service Vulnerability CVE-2017-0099 Jordan Rabet, Microsoft Offensive Security Research Team
MS17-008 Hyper-V Remote Code Execution Vulnerability CVE-2017-0109 MSRC Vulnerabilities and Mitigations Team
MS17-008 Defense-in-depth ----------------- Yanhui Zhao, Ke Sun of Intel SeCoE
Ya Ou, Xiaomin Song, Xiaoning Li of Intel Labs
MS17-007 Microsoft Browser Information Disclosure Vulnerability CVE-2017-0009 Scott Bell of Security-Assessment.com
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0010 Zhang Hanming of Qihoo 360 Vulcan Team
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0010 Dhanesh Kizhakkinan of FireEye Inc
MS17-007 Microsoft Edge Information Disclosure Vulnerability CVE-2017-0011 Suto, working with Trend Micro’s Zero Day Initiative (ZDI)
MS17-007 Microsoft Browser Spoofing Vulnerability CVE-2017-0012 Zhang Lin, http://xsseng.com
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0015 Lokihart working with POC/PwnFest
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0015 Simon Zuckerbraun, working with Trend Micro’s Zero Day Initiative (ZDI)
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0015 Qixun Zhao of Qihoo 360 Skyeye Labs
MS17-007 Microsoft Edge Information Disclosure Vulnerability CVE-2017-0017 Masato Kinugawa of Cure53
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0032 Hao Linan of Qihoo 360 Vulcan Team
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0032 Anonymous, working with Trend Micro’s Zero Day Initiative (ZDI)
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0032 Qixun Zhao of Qihoo 360 Skyeye Labs
MS17-007 Microsoft Edge Memory Corruption Vulnerability CVE-2017-0034 Zhong Zhaochen (@asnine) of Neusoft
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0035 Dhanesh Kizhakkinan of FireEye Inc
MS17-007 Microsoft Browser Memory Corruption Vulnerability CVE-2017-0037 Ivan Fratric working with Google Project Zero
MS17-007 Microsoft Browser Information Disclosure Vulnerability CVE-2017-0065 Henri Aho - https://www.linkedin.com/in/henri-aho-497abab6/
MS17-007 Microsoft Browser Security Feature Bypass Vulnerability CVE-2017-0066 Jun Kokatsu (@shhnjk)
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0067 Dhanesh Kizhakkinan of FireEye Inc
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0067 Gary Kwong
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0067 bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0067 Henry Li (zenhumany) of Trend Micro
MS17-007 Microsoft Browser Information Disclosure Vulnerability CVE-2017-0068 Jun Kokatsu (@shhnjk)
MS17-007 Microsoft Edge Spoofing Vulnerability CVE-2017-0069 Jun Kokatsu (@shhnjk)
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0070 Lokihart of Google Project Zero
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0071 Lokihart of Google Project Zero
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0094 bee13oy of CloverSec Labs, working with Trend Micro’s Zero Day Initiative (ZDI)
MS17-007 Microsoft Edge Memory Corruption Vulnerability CVE-2017-0131 Dhanesh Kizhakkinan of FireEye Inc
MS17-007 Microsoft Edge Memory Corruption Vulnerability CVE-2017-0132 Microsoft Chakra Core Team
MS17-007 Scripting Engine Memory Corruption Vulnerabilty CVE-2017-0133 Dhanesh Kizhakkinan of FireEye Inc
MS17-007 Microsoft Edge Security Feature Bypass CVE-2017-0134 Jordan Rabet, Microsoft Offensive Security Research Team
MS17-007 Microsoft Edge Security Feature Bypass CVE-2017-0135 Xiaoyin Liu (@general_nfs)
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0136 Michael Holman, Microsoft Chakra Core Team
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0137 Nicolas Joly of MSRCE UK
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0138 Scott Bell of Security-Assessment.com
MS17-007 Microsoft Edge Security Feature Bypass CVE-2017-0140 Yorick Koster of Securify B.V.
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0141 Semmle Inc
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0150 Microsoft ChakraCore Team
MS17-007 Scripting Engine Memory Corruption Vulnerability CVE-2017-0151 Microsoft ChakraCore Team
MS17-006 Microsoft Browser Information Disclosure Vulnerability CVE-2017-0009 Scott Bell of Security-Assessment.com
MS17-006 Internet Explorer Memory Corruption Vulnerability CVE-2017-0018 Kai Song exp-sky of Tencent's Xuanwu Lab, working with Trend Micro's Zero Day Initiative (ZDI)
MS17-006 Microsoft Browser Memory Corruption Vulnerability CVE-2017-0037 Ivan Fratric working with Google Project Zero
MS17-006 Scripting Engine Memory Corruption Vulnerability CVE-2017-0040 Scott Bell of Security-Assessment.com
MS17-006 Scripting Engine Information Disclosure Vulnerability CVE-2017-0049 Scott Bell of Security-Assessment.com
MS17-006 Internet Explorer Information Disclosure Vulnerability CVE-2017-0059 Ivan Fratric of Google Project Zero
MS17-006 Scripting Engine Memory Corruption Vulnerability CVE-2017-0130 Scott Bell of Security-Assessment.com
January 2017
MS17-004 Local Security Authority Subsystem Service Denial of Service Vulnerability CVE-2017-0004 Nicolás Economou of Core Security
MS17-004 Local Security Authority Subsystem Service Denial of Service Vulnerability CVE-2017-0004 Laurent Gaffie
MS17-002 Microsoft Office Memory Corruption Vulnerability CVE-2017-0003 Tony Loi of Fortinet’s FortiGuard Labs
3109853 Defense-in-depth ----------------- Thanks to Aaron Coleman, Fitabase, for assistance in identifying the issue.