Acknowledgments – 2017
Microsoft extends thanks to the following for working with us to help protect customers.
**Bulletin ID** | **Vulnerability Title** | **CVE ID** | **Acknowledgment** |
**March 2017** | |||
[MS17-022](https://go.microsoft.com/fwlink/?linkid=839435) | Microsoft XML Core Services Information Disclosure Vulnerability | [CVE-2017-0022](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0022) | Brooks Li and Joseph C Chen, [Trend Micro](http://www.trendmicro.com/) |
[MS17-022](https://go.microsoft.com/fwlink/?linkid=839435) | Microsoft XML Core Services Information Disclosure Vulnerability | [CVE-2017-0022](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0022) | Will Metcalf and Kafeine of [Proofpoint](https://www.proofpoint.com/) |
[MS17-021](https://go.microsoft.com/fwlink/?linkid=839434) | Windows DirectShow Information Disclosure Vulnerabitliy | [CVE-2017-0042](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0042) | Abdulrahman Alqabandi ([@qab](https://twitter.com/qab)) |
[MS17-020](https://go.microsoft.com/fwlink/?linkid=836272) | Windows DVD Maker Cross-Site Request Forgery Vulnerability | [CVE-2017-0045](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0045) | John Page ([hyp3rlinx](http://hyp3rlinx.altervista.org/)), ApparitionSec |
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) | Win32k Elevation of Privilege Vulnerability | [CVE-2017-0024](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0024) | Hao Linan of [Qihoo 360 Vulcan Team](http://www.360.cn/), working with [POC](http://powerofcommunity.net/)/[PwnFest](http://pwnfest.org/) |
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) | Win32k Elevation of Privilege Vulnerability | [CVE-2017-0024](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0024) | [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.cn/) working with POC/PwnFest |
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) | Win32k Elevation of Privilege Vulnerability | [CVE-2017-0024](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0024) | [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360 Vulcan Team](http://www.360.cn/) working with POC/PwnFest |
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) | Win32k Elevation of Privilege Vulnerability | [CVE-2017-0026](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0026) | Hao Linan of [Qihoo 360 Vulcan Team](http://www.360.cn/), working with [POC](http://powerofcommunity.net/)/[PwnFest](http://pwnfest.org/) |
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) | Win32k Elevation of Privilege Vulnerability | [CVE-2017-0026](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0026) | [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.cn/) working with POC/PwnFest |
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) | Win32k Elevation of Privilege Vulnerability | [CVE-2017-0026](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0026) | [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360 Vulcan Team](http://www.360.cn/) working with POC/PwnFest |
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) | Win32k Elevation of Privilege Vulnerability | [CVE-2017-0056](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0056) | Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/) |
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) | Win32k Elevation of Privilege Vulnerability | [CVE-2017-0056](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0056) | [pgboy](http://weibo.com/pgboy1988) and [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360 Vulcan Team](http://www.360.cn/) |
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) | Win32k Elevation of Privilege Vulnerability | [CVE-2017-0078](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0078) | [pgboy](http://weibo.com/pgboy1988) and [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360 Vulcan Team](http://www.360.cn/) |
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) | Win32k Elevation of Privilege Vulnerability | [CVE-2017-0079](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0079) | [pgboy](http://weibo.com/pgboy1988) and [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360 Vulcan Team](http://www.360.cn/) |
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) | Win32k Elevation of Privilege Vulnerability | [CVE-2017-0080](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0080) | [pgboy](http://weibo.com/pgboy1988) and [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360 Vulcan Team](http://www.360.cn/) |
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) | Win32k Elevation of Privilege Vulnerability | [CVE-2017-0081](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0081) | [pgboy](http://weibo.com/pgboy1988) and [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360 Vulcan Team](http://www.360.cn/) |
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) | Win32k Elevation of Privilege Vulnerability | [CVE-2017-0082](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0082) | [pgboy](http://weibo.com/pgboy1988) and [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360 Vulcan Team](http://www.360.cn/) |
[MS17-017](https://go.microsoft.com/fwlink/?linkid=842216) | Windows Elevation of Privilege Vulnerability | [CVE-2017-0101](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0101) | Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/) |
[MS17-017](https://go.microsoft.com/fwlink/?linkid=842216) | Windows Registry Elevation of Privilege Vulnerability | [CVE-2017-0103](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0103) | James Forshaw of [Google Project Zero](http://www.google.com/) |
[MS17-017](https://go.microsoft.com/fwlink/?linkid=842216) | Windows Registry Elevation of Privilege Vulnerability | [CVE-2017-0103](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0103) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-016](https://go.microsoft.com/fwlink/?linkid=842209) | Microsoft IIS Server XSS Elevation of Privilege Vulnerability | [CVE-2017-0055](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0055) | David Fernandez of [Sidertia Solutions](https://www.sidertia.com/) |
[MS17-015](https://go.microsoft.com/fwlink/?linkid=842279) | Microsoft Exchange Elevation of Privilege Vulnerability | [CVE-2017-0110](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0110) | Gabruel Lima ([@gabrielpato](http://twitter.com/gabrielpato)) |
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) | Microsoft Office Memory Corruption Vulnerability | [CVE-2017-0006](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0006) | Yangkang & Liyadong & Wanglu of Qihoo [360 Qex Team](http://www.360.cn/) |
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) | Microsoft Office Memory Corruption Vulnerability | [CVE-2017-0019](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0019) | Tony Loi of [Fortinet's FortiGuard Labs](http://www.fortiguard.com/) |
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) | Microsoft Office Memory Corruption Vulnerability | [CVE-2017-0019](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0019) | Steven Vittitoe of [Google Project Zero](http://www.google.com/) |
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) | Microsoft Office Memory Corruption Vulnerability | [CVE-2017-0020](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0020) | Qiang Liu, [McAfee](http://www.mcafee.com/) |
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) | Microsoft Office Information Disclosure Vulnerability | [CVE-2017-0027](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0027) | Jaanus Kääp of [Clarified Security](http://www.clarifiedsecurity.com/) |
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) | Microsoft Office Denial of Service Vulnerability | [CVE-2017-0029](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0029) | David Wind of [XSEC infosec GmbH](https://www.xsec.at/) |
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) | Microsoft Office Memory Corruption Vulnerability | [CVE-2017-0030](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0030) | [@j00sean](https://twitter.com/j00sean) |
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) | Microsoft Office Memory Corruption Vulnerability | [CVE-2017-0031](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0031) | [@j00sean](https://twitter.com/j00sean) |
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) | Microsoft Office Memory Corruption Vulnerability | [CVE-2017-0052](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0052) | Yangkang & Liyadong & Wanglu of Qihoo [360 Qex Team](http://www.360.cn/) |
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) | Microsoft Office Memory Corruption Vulnerability | [CVE-2017-0053](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0053) | Haifei Li of [Intel Security](http://www.intelsecurity.com/) |
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) | Microsoft Office Information Disclosure Vulnerability | [CVE-2017-0105](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0105) | [Fortinet’s FortiGuard Labs](http://www.fortiguard.com/) |
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) | Microsoft SharePoint XSS Vulnerability | [CVE-2017-0107](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0107) | Cheah Khai Ee, ([@MercurialSec](https://twitter.com/mercurialsec)) |
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) | Microsoft Lync for Mac Certificate Validation Vulnerability | [CVE-2017-0129](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0129) | Jerry Decime, Hewlett Packard Enterprise |
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) | Defense-in-depth | ----------------- | [@j00sean](https://twitter.com/j00sean) |
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) | Windows GDI Elevation of Privilege Vulnerability | [CVE-2017-0001](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0001) | Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/) |
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) | Windows GDI Elevation of Privilege Vulnerability | [CVE-2017-0005](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0005) | Lockheed Martin Computer Incident Response Team |
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) | Windows Graphics Component Remote Code Execution Vulnerability | [CVE-2017-0014](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0014) | Hossein Lotfi, [Secunia Research at Flexera Software](http://www.flexerasoftware.com/enterprise/company/about/secunia-research/) |
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) | Windows GDI Elevation of Privilege Vulnerability | [CVE-2017-0025](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0025) | Lokihart working with [POC](http://powerofcommunity.net/)/[PwnFest](http://pwnfest.org/) |
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) | Windows Graphics Component Information Disclosure Vulnerability | [CVE-2017-0038](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0038) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) | Windows GDI Elevation of Privilege Vulnerability | [CVE-2017-0047](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0047) | bee13oy of CloverSec Labs, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) | GDI+ Information Disclosure vulnerability | [CVE-2017-0060](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0060) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) | Microsoft Color Management Information Disclosure vulnerability | [CVE-2017-0061](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0061) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) | GDI+ Information Disclosure Vulnerability | [CVE-2017-0062](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0062) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) | Microsoft Color Management Information Disclosure vulnerability | [CVE-2017-0063](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0063) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) | Windows GDI+ Information Disclosure Vulnerability | [CVE-2017-0073](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0073) | Symeon Paraschoudis of [SensePost](https://sensepost.com/) |
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) | Graphics Component Remote Code Execution Vulnerability | [CVE-2017-0108](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0108) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-012](https://go.microsoft.com/fwlink/?linkid=842212) | Device Guard Security Feature Bypass Vulnerability | [CVE-2017-0007](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0007) | Matt Nelson ([@enigma0x3](https://twitter.com/enigma0x3)) |
[MS17-012](https://go.microsoft.com/fwlink/?linkid=842212) | Windows DLL Loading Remote Code Execution Vulnerability | [CVE-2017-0039](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0039) | lywang of [Tencent’s Xuanwu LAB](http://www.tencent.com/) |
[MS17-012](https://go.microsoft.com/fwlink/?linkid=842212) | Windows DNS Query Information Disclosure Vulnerability | [CVE-2017-0057](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0057) | Martin Knafve - |
[MS17-012](https://go.microsoft.com/fwlink/?linkid=842212) | Windows COM Elevation of Privilege Vulnerability | [CVE-2017-0100](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0100) | James Forshaw of [Google Project Zero](http://www.google.com/) |
[MS17-012](https://go.microsoft.com/fwlink/?linkid=842212) | iSNS Server Memory Corruption Vulnerability | [CVE-2017-0104](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0104) | [Fortinet’s FortiGuard Labs](http://www.fortiguard.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Remote Code Execution Vulnerability | [CVE-2017-0072](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0072) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Remote Code Execution Vulnerability | [CVE-2017-0083](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0083) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Remote Code Execution Vulnerability | [CVE-2017-0084](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0084) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0085](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0085) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Remote Code Execution Vulnerability | [CVE-2017-0086](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0086) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Remote Code Execution Vulnerability | [CVE-2017-0087](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0087) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Remote Code Execution Vulnerability | [CVE-2017-0088](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0088) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Remote Code Execution Vulnerability | [CVE-2017-0089](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0089) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Remote Code Execution Vulnerability | [CVE-2017-0090](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0090) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0091](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0091) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0092](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0092) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0111](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0111) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0112](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0112) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0113](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0113) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0114](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0114) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0115](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0115) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0116](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0116) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0117](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0117) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0118](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0118) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0119](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0119) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0120](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0120) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0121](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0121) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0122](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0122) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0123](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0123) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0124](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0124) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0125](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0125) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0126](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0126) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0127](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0127) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) | Uniscribe Information Disclosure Vulnerability | [CVE-2017-0128](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0128) | Mateusz Jurczyk of [Google Project Zero](http://www.google.com/) |
[MS17-009](https://go.microsoft.com/fwlink/?linkid=839436) | Microsoft PDF Memory Corruption Vulnerability | [CVE-2017-0023](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0023) | Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/) |
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) | Hyper-V vSMB Remote Code Execution Vulnerability | [CVE-2017-0021](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0021) | Saruhan Karademir |
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) | Hyper-V vSMB Remote Code Execution Vulnerability | [CVE-2017-0021](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0021) | Jordan Rabet, Microsoft Offensive Security Research Team |
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) | Microsoft Hyper-V Network Switch Denial of Service Vulnerability | [CVE-2017-0051](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0051) | Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/) |
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) | Hyper-V Denial of Service Vulnerability | [CVE-2017-0074](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0074) | Alexander Malysh, Microsoft Network Virtualization Team |
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) | Hyper-V Denial of Service Vulnerability | [CVE-2017-0074](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0074) | Sumit Dhoble, Microsoft Network Virtualization Team |
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) | Hyper-V Remote Code Execution Vulnerability | [CVE-2017-0075](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0075) | Jordan Rabet, Microsoft Offensive Security Research Team |
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) | Hyper-V Denial of Service Vulnerability | [CVE-2017-0076](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0076) | Joe Bialek, MSRC Vulnerabilities and Mitigations Team |
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) | Hyper-V vSMB Remote Code Execution Vulnerability | [CVE-2017-0095](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0095) | Jonathan Bar Or, Windows Defender ATP Research Team |
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) | Hyper-V Information Disclosure Vulnerability | [CVE-2017-0096](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0096) | Jordan Rabet, Microsoft Offensive Security Research Team |
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) | Hyper-V Denial of Service Vulnerability | [CVE-2017-0097](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0097) | MSRC Vulnerabilities and Mitigations Team |
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) | Hyper-V Denial of Service Vulnerability | [CVE-2017-0097](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0097) | Lakewood Communications |
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) | Hyper-V Denial of Service Vulnerability | [CVE-2017-0099](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0099) | Jordan Rabet, Microsoft Offensive Security Research Team |
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) | Hyper-V Remote Code Execution Vulnerability | [CVE-2017-0109](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0109) | MSRC Vulnerabilities and Mitigations Team |
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) | Defense-in-depth | ----------------- | Yanhui Zhao, Ke Sun of Intel SeCoE Ya Ou, Xiaomin Song, Xiaoning Li of Intel Labs |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2017-0009](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0009) | Scott Bell of Security-Assessment.com |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0010](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0010) | Zhang Hanming of [Qihoo 360 Vulcan Team](http://www.360.cn/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0010](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0010) | Dhanesh Kizhakkinan of [FireEye Inc](https://www.fireeye.com/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Microsoft Edge Information Disclosure Vulnerability | [CVE-2017-0011](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0011) | Suto, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Microsoft Browser Spoofing Vulnerability | [CVE-2017-0012](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0012) | Zhang Lin, [http://xsseng.com](http://xsseng.com/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0015](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0015) | Lokihart working with [POC](http://powerofcommunity.net/)/[PwnFest](http://pwnfest.org/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0015](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0015) | Simon Zuckerbraun, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0015](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0015) | [Qixun Zhao](http://www.weibo.com/babyboaes) of [Qihoo 360 Skyeye Labs](http://www.360.cn/) |
[MS17-007](https://go.microsoft.com/fwlink/?l) | Microsoft Edge Information Disclosure Vulnerability | [CVE-2017-0017](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0017) | Masato Kinugawa of [Cure53](https://cure53.de/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0032](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0032) | Hao Linan of [Qihoo 360 Vulcan Team](http://www.360.cn/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0032](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0032) | Anonymous, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0032](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0032) | [Qixun Zhao](http://www.weibo.com/babyboaes) of [Qihoo 360 Skyeye Labs](http://www.360.cn/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2017-0034](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0034) | Zhong Zhaochen ([@asnine](https://twitter.com/asnine)) of [Neusoft](http://neusoft.com/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0035](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0035) | Dhanesh Kizhakkinan of [FireEye Inc](https://www.fireeye.com/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2017-0037](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0037) | Ivan Fratric working with [Google Project Zero](http://www.google.com/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2017-0065](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0065) | Henri Aho - |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Microsoft Browser Security Feature Bypass Vulnerability | [CVE-2017-0066](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0066) | Jun Kokatsu ([@shhnjk](https://twitter.com/shhnjk)) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0067](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0067) | Dhanesh Kizhakkinan of [FireEye Inc](https://www.fireeye.com/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0067](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0067) | [Gary Kwong](https://github.com/nth10sd/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0067](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0067) | bee13oy of CloverSec Labs, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0067](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0067) | Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2017-0068](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0068) | Jun Kokatsu ([@shhnjk](https://twitter.com/shhnjk)) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Microsoft Edge Spoofing Vulnerability | [CVE-2017-0069](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0069) | Jun Kokatsu ([@shhnjk](https://twitter.com/shhnjk)) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0070](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0070) | Lokihart of [Google Project Zero](http://www.google.com/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0071](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0071) | Lokihart of [Google Project Zero](http://www.google.com/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0094](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0094) | bee13oy of CloverSec Labs, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2017-0131](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0131) | Dhanesh Kizhakkinan of [FireEye Inc](https://www.fireeye.com/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Microsoft Edge Memory Corruption Vulnerability | [CVE-2017-0132](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0132) | Microsoft Chakra Core Team |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerabilty | [CVE-2017-0133](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0133) | Dhanesh Kizhakkinan of [FireEye Inc](https://www.fireeye.com/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Microsoft Edge Security Feature Bypass | [CVE-2017-0134](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0134) | Jordan Rabet, Microsoft Offensive Security Research Team |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Microsoft Edge Security Feature Bypass | [CVE-2017-0135](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0135) | Xiaoyin Liu (@[general\_nfs](https://twitter.com/general_nfs)) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0136](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0136) | Michael Holman, Microsoft Chakra Core Team |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0137](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0136\7) | Nicolas Joly of MSRCE UK |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0138](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0138) | Scott Bell of Security-Assessment.com |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Microsoft Edge Security Feature Bypass | [CVE-2017-0140](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0140) | Yorick Koster of [Securify B.V.](https://securify.nl/) |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0141](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0141) | Semmle Inc |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0150](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0150) | Microsoft ChakraCore Team |
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0151](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0151) | Microsoft ChakraCore Team |
[MS17-006](https://go.microsoft.com/fwlink/?linkid=842208) | Microsoft Browser Information Disclosure Vulnerability | [CVE-2017-0009](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0009) | Scott Bell of Security-Assessment.com |
[MS17-006](https://go.microsoft.com/fwlink/?linkid=842208) | Internet Explorer Memory Corruption Vulnerability | [CVE-2017-0018](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0018) | Kai Song [exp-sky](http://exp-sky.org/) of [Tencent's Xuanwu Lab](http://www.tencent.com/), working with [Trend Micro's Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/) |
[MS17-006](https://go.microsoft.com/fwlink/?linkid=842208) | Microsoft Browser Memory Corruption Vulnerability | [CVE-2017-0037](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0037) | Ivan Fratric working with [Google Project Zero](http://www.google.com/) |
[MS17-006](https://go.microsoft.com/fwlink/?linkid=842208) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0040](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0040) | Scott Bell of Security-Assessment.com |
[MS17-006](https://go.microsoft.com/fwlink/?linkid=842208) | Scripting Engine Information Disclosure Vulnerability | [CVE-2017-0049](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0049) | Scott Bell of Security-Assessment.com |
[MS17-006](https://go.microsoft.com/fwlink/?linkid=842208) | Internet Explorer Information Disclosure Vulnerability | [CVE-2017-0059](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0059) | Ivan Fratric of [Google Project Zero](http://www.google.com/) |
[MS17-006](https://go.microsoft.com/fwlink/?linkid=842208) | Scripting Engine Memory Corruption Vulnerability | [CVE-2017-0130](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0130) | Scott Bell of Security-Assessment.com |
**January 2017** | |||
[MS17-004](https://go.microsoft.com/fwlink/?linkid=838352) | Local Security Authority Subsystem Service Denial of Service Vulnerability | [CVE-2017-0004](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0004) | Nicolás Economou of [Core Security](https://www.coresecurity.com/blog/unpatched-lsass-remote-denial-service-ms16-137) |
[MS17-004](https://go.microsoft.com/fwlink/?linkid=838352) | Local Security Authority Subsystem Service Denial of Service Vulnerability | [CVE-2017-0004](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0004) | Laurent Gaffie |
[MS17-002](https://go.microsoft.com/fwlink/?linkid=838332) | Microsoft Office Memory Corruption Vulnerability | [CVE-2017-0003](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0003) | Tony Loi of [Fortinet’s FortiGuard Labs](http://www.fortiguard.com/) |
[3109853](https://technet.microsoft.com/library/security/3109853.aspx) | Defense-in-depth | ----------------- | Thanks to Aaron Coleman, [Fitabase](https://www.fitabase.com/), for assistance in identifying the issue. |