Acknowledgments – 2017

Microsoft extends thanks to the following for working with us to help protect customers.

**Bulletin ID** **Vulnerability Title** **CVE ID** **Acknowledgment**
**March 2017**
[MS17-022](https://go.microsoft.com/fwlink/?linkid=839435) Microsoft XML Core Services Information Disclosure Vulnerability [CVE-2017-0022](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0022) Brooks Li and Joseph C Chen, [Trend Micro](http://www.trendmicro.com/)
[MS17-022](https://go.microsoft.com/fwlink/?linkid=839435) Microsoft XML Core Services Information Disclosure Vulnerability [CVE-2017-0022](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0022) Will Metcalf and Kafeine of [Proofpoint](https://www.proofpoint.com/)
[MS17-021](https://go.microsoft.com/fwlink/?linkid=839434) Windows DirectShow Information Disclosure Vulnerabitliy [CVE-2017-0042](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0042) Abdulrahman Alqabandi ([@qab](https://twitter.com/qab))
[MS17-020](https://go.microsoft.com/fwlink/?linkid=836272) Windows DVD Maker Cross-Site Request Forgery Vulnerability [CVE-2017-0045](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0045) John Page ([hyp3rlinx](http://hyp3rlinx.altervista.org/)), ApparitionSec
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) Win32k Elevation of Privilege Vulnerability [CVE-2017-0024](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0024) Hao Linan of [Qihoo 360 Vulcan Team](http://www.360.cn/), working with [POC](http://powerofcommunity.net/)/[PwnFest](http://pwnfest.org/)
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) Win32k Elevation of Privilege Vulnerability [CVE-2017-0024](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0024) [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.cn/) working with POC/PwnFest
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) Win32k Elevation of Privilege Vulnerability [CVE-2017-0024](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0024) [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360 Vulcan Team](http://www.360.cn/) working with POC/PwnFest
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) Win32k Elevation of Privilege Vulnerability [CVE-2017-0026](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0026) Hao Linan of [Qihoo 360 Vulcan Team](http://www.360.cn/), working with [POC](http://powerofcommunity.net/)/[PwnFest](http://pwnfest.org/)
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) Win32k Elevation of Privilege Vulnerability [CVE-2017-0026](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0026) [pgboy](http://weibo.com/pgboy1988) of [Qihoo 360 Vulcan Team](http://www.360.cn/) working with POC/PwnFest
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) Win32k Elevation of Privilege Vulnerability [CVE-2017-0026](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0026) [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360 Vulcan Team](http://www.360.cn/) working with POC/PwnFest
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) Win32k Elevation of Privilege Vulnerability [CVE-2017-0056](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0056) Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) Win32k Elevation of Privilege Vulnerability [CVE-2017-0056](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0056) [pgboy](http://weibo.com/pgboy1988) and [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360 Vulcan Team](http://www.360.cn/)
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) Win32k Elevation of Privilege Vulnerability [CVE-2017-0078](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0078) [pgboy](http://weibo.com/pgboy1988) and [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360 Vulcan Team](http://www.360.cn/)
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) Win32k Elevation of Privilege Vulnerability [CVE-2017-0079](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0079) [pgboy](http://weibo.com/pgboy1988) and [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360 Vulcan Team](http://www.360.cn/)
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) Win32k Elevation of Privilege Vulnerability [CVE-2017-0080](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0080) [pgboy](http://weibo.com/pgboy1988) and [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360 Vulcan Team](http://www.360.cn/)
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) Win32k Elevation of Privilege Vulnerability [CVE-2017-0081](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0081) [pgboy](http://weibo.com/pgboy1988) and [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360 Vulcan Team](http://www.360.cn/)
[MS17-018](https://go.microsoft.com/fwlink/?linkid=842217) Win32k Elevation of Privilege Vulnerability [CVE-2017-0082](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0082) [pgboy](http://weibo.com/pgboy1988) and [zhong\_sf](http://weibo.com/2641521260) of [Qihoo 360 Vulcan Team](http://www.360.cn/)
[MS17-017](https://go.microsoft.com/fwlink/?linkid=842216) Windows Elevation of Privilege Vulnerability [CVE-2017-0101](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0101) Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS17-017](https://go.microsoft.com/fwlink/?linkid=842216) Windows Registry Elevation of Privilege Vulnerability [CVE-2017-0103](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0103) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS17-017](https://go.microsoft.com/fwlink/?linkid=842216) Windows Registry Elevation of Privilege Vulnerability [CVE-2017-0103](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0103) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-016](https://go.microsoft.com/fwlink/?linkid=842209) Microsoft IIS Server XSS Elevation of Privilege Vulnerability [CVE-2017-0055](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0055) David Fernandez of [Sidertia Solutions](https://www.sidertia.com/)
[MS17-015](https://go.microsoft.com/fwlink/?linkid=842279) Microsoft Exchange Elevation of Privilege Vulnerability [CVE-2017-0110](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0110) Gabruel Lima ([@gabrielpato](http://twitter.com/gabrielpato))
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) Microsoft Office Memory Corruption Vulnerability [CVE-2017-0006](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0006) Yangkang & Liyadong & Wanglu of Qihoo [360 Qex Team](http://www.360.cn/)
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) Microsoft Office Memory Corruption Vulnerability [CVE-2017-0019](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0019) Tony Loi of [Fortinet's FortiGuard Labs](http://www.fortiguard.com/)
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) Microsoft Office Memory Corruption Vulnerability [CVE-2017-0019](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0019) Steven Vittitoe of [Google Project Zero](http://www.google.com/)
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) Microsoft Office Memory Corruption Vulnerability [CVE-2017-0020](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0020) Qiang Liu, [McAfee](http://www.mcafee.com/)
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) Microsoft Office Information Disclosure Vulnerability [CVE-2017-0027](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0027) Jaanus Kääp of [Clarified Security](http://www.clarifiedsecurity.com/)
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) Microsoft Office Denial of Service Vulnerability [CVE-2017-0029](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0029) David Wind of [XSEC infosec GmbH](https://www.xsec.at/)
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) Microsoft Office Memory Corruption Vulnerability [CVE-2017-0030](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0030) [@j00sean](https://twitter.com/j00sean)
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) Microsoft Office Memory Corruption Vulnerability [CVE-2017-0031](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0031) [@j00sean](https://twitter.com/j00sean)
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) Microsoft Office Memory Corruption Vulnerability [CVE-2017-0052](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0052) Yangkang & Liyadong & Wanglu of Qihoo [360 Qex Team](http://www.360.cn/)
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) Microsoft Office Memory Corruption Vulnerability [CVE-2017-0053](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0053) Haifei Li of [Intel Security](http://www.intelsecurity.com/)
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) Microsoft Office Information Disclosure Vulnerability [CVE-2017-0105](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0105) [Fortinet’s FortiGuard Labs](http://www.fortiguard.com/)
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) Microsoft SharePoint XSS Vulnerability [CVE-2017-0107](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0107) Cheah Khai Ee, ([@MercurialSec](https://twitter.com/mercurialsec))
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) Microsoft Lync for Mac Certificate Validation Vulnerability [CVE-2017-0129](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0129) Jerry Decime, Hewlett Packard Enterprise
[MS17-014](https://go.microsoft.com/fwlink/?linkid=842278) Defense-in-depth ----------------- [@j00sean](https://twitter.com/j00sean)
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) Windows GDI Elevation of Privilege Vulnerability [CVE-2017-0001](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0001) Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) Windows GDI Elevation of Privilege Vulnerability [CVE-2017-0005](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0005) Lockheed Martin Computer Incident Response Team
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) Windows Graphics Component Remote Code Execution Vulnerability [CVE-2017-0014](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0014) Hossein Lotfi, [Secunia Research at Flexera Software](http://www.flexerasoftware.com/enterprise/company/about/secunia-research/)
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) Windows GDI Elevation of Privilege Vulnerability [CVE-2017-0025](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0025) Lokihart working with [POC](http://powerofcommunity.net/)/[PwnFest](http://pwnfest.org/)
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) Windows Graphics Component Information Disclosure Vulnerability [CVE-2017-0038](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0038) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) Windows GDI Elevation of Privilege Vulnerability [CVE-2017-0047](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0047) bee13oy of CloverSec Labs, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) GDI+ Information Disclosure vulnerability [CVE-2017-0060](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0060) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) Microsoft Color Management Information Disclosure vulnerability [CVE-2017-0061](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0061) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) GDI+ Information Disclosure Vulnerability [CVE-2017-0062](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0062) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) Microsoft Color Management Information Disclosure vulnerability [CVE-2017-0063](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0063) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) Windows GDI+ Information Disclosure Vulnerability [CVE-2017-0073](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0073) Symeon Paraschoudis of [SensePost](https://sensepost.com/)
[MS17-013](https://go.microsoft.com/fwlink/?linkid=842210) Graphics Component Remote Code Execution Vulnerability [CVE-2017-0108](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0108) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-012](https://go.microsoft.com/fwlink/?linkid=842212) Device Guard Security Feature Bypass Vulnerability [CVE-2017-0007](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0007) Matt Nelson ([@enigma0x3](https://twitter.com/enigma0x3))
[MS17-012](https://go.microsoft.com/fwlink/?linkid=842212) Windows DLL Loading Remote Code Execution Vulnerability [CVE-2017-0039](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0039) lywang of [Tencent’s Xuanwu LAB](http://www.tencent.com/)
[MS17-012](https://go.microsoft.com/fwlink/?linkid=842212) Windows DNS Query Information Disclosure Vulnerability [CVE-2017-0057](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0057) Martin Knafve -
[MS17-012](https://go.microsoft.com/fwlink/?linkid=842212) Windows COM Elevation of Privilege Vulnerability [CVE-2017-0100](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0100) James Forshaw of [Google Project Zero](http://www.google.com/)
[MS17-012](https://go.microsoft.com/fwlink/?linkid=842212) iSNS Server Memory Corruption Vulnerability [CVE-2017-0104](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0104) [Fortinet’s FortiGuard Labs](http://www.fortiguard.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Remote Code Execution Vulnerability [CVE-2017-0072](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0072) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Remote Code Execution Vulnerability [CVE-2017-0083](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0083) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Remote Code Execution Vulnerability [CVE-2017-0084](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0084) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0085](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0085) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Remote Code Execution Vulnerability [CVE-2017-0086](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0086) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Remote Code Execution Vulnerability [CVE-2017-0087](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0087) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Remote Code Execution Vulnerability [CVE-2017-0088](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0088) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Remote Code Execution Vulnerability [CVE-2017-0089](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0089) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Remote Code Execution Vulnerability [CVE-2017-0090](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0090) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0091](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0091) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0092](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0092) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0111](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0111) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0112](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0112) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0113](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0113) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0114](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0114) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0115](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0115) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0116](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0116) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0117](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0117) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0118](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0118) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0119](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0119) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0120](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0120) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0121](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0121) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0122](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0122) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0123](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0123) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0124](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0124) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0125](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0125) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0126](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0126) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0127](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0127) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-011](https://go.microsoft.com/fwlink/?linkid=842211) Uniscribe Information Disclosure Vulnerability [CVE-2017-0128](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0128) Mateusz Jurczyk of [Google Project Zero](http://www.google.com/)
[MS17-009](https://go.microsoft.com/fwlink/?linkid=839436) Microsoft PDF Memory Corruption Vulnerability [CVE-2017-0023](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0023) Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/)
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) Hyper-V vSMB Remote Code Execution Vulnerability [CVE-2017-0021](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0021) Saruhan Karademir
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) Hyper-V vSMB Remote Code Execution Vulnerability [CVE-2017-0021](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0021) Jordan Rabet, Microsoft Offensive Security Research Team
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) Microsoft Hyper-V Network Switch Denial of Service Vulnerability [CVE-2017-0051](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0051) Peter Hlavaty ([@zer0mem](https://twitter.com/zer0mem)), KeenLab, [Tencent](http://www.tencent.com/)
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) Hyper-V Denial of Service Vulnerability [CVE-2017-0074](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0074) Alexander Malysh, Microsoft Network Virtualization Team
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) Hyper-V Denial of Service Vulnerability [CVE-2017-0074](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0074) Sumit Dhoble, Microsoft Network Virtualization Team
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) Hyper-V Remote Code Execution Vulnerability [CVE-2017-0075](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0075) Jordan Rabet, Microsoft Offensive Security Research Team
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) Hyper-V Denial of Service Vulnerability [CVE-2017-0076](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0076) Joe Bialek, MSRC Vulnerabilities and Mitigations Team
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) Hyper-V vSMB Remote Code Execution Vulnerability [CVE-2017-0095](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0095) Jonathan Bar Or, Windows Defender ATP Research Team
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) Hyper-V Information Disclosure Vulnerability [CVE-2017-0096](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0096) Jordan Rabet, Microsoft Offensive Security Research Team
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) Hyper-V Denial of Service Vulnerability [CVE-2017-0097](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0097) MSRC Vulnerabilities and Mitigations Team
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) Hyper-V Denial of Service Vulnerability [CVE-2017-0097](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0097) Lakewood Communications
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) Hyper-V Denial of Service Vulnerability [CVE-2017-0099](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0099) Jordan Rabet, Microsoft Offensive Security Research Team
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) Hyper-V Remote Code Execution Vulnerability [CVE-2017-0109](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0109) MSRC Vulnerabilities and Mitigations Team
[MS17-008](https://go.microsoft.com/fwlink/?linkid=842215) Defense-in-depth ----------------- Yanhui Zhao, Ke Sun of Intel SeCoE Ya Ou, Xiaomin Song, Xiaoning Li of Intel Labs
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Microsoft Browser Information Disclosure Vulnerability [CVE-2017-0009](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0009) Scott Bell of Security-Assessment.com
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0010](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0010) Zhang Hanming of [Qihoo 360 Vulcan Team](http://www.360.cn/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0010](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0010) Dhanesh Kizhakkinan of [FireEye Inc](https://www.fireeye.com/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Microsoft Edge Information Disclosure Vulnerability [CVE-2017-0011](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0011) Suto, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Microsoft Browser Spoofing Vulnerability [CVE-2017-0012](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0012) Zhang Lin, [http://xsseng.com](http://xsseng.com/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0015](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0015) Lokihart working with [POC](http://powerofcommunity.net/)/[PwnFest](http://pwnfest.org/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0015](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0015) Simon Zuckerbraun, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0015](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0015) [Qixun Zhao](http://www.weibo.com/babyboaes) of [Qihoo 360 Skyeye Labs](http://www.360.cn/)
[MS17-007](https://go.microsoft.com/fwlink/?l) Microsoft Edge Information Disclosure Vulnerability [CVE-2017-0017](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0017) Masato Kinugawa of [Cure53](https://cure53.de/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0032](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0032) Hao Linan of [Qihoo 360 Vulcan Team](http://www.360.cn/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0032](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0032) Anonymous, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0032](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0032) [Qixun Zhao](http://www.weibo.com/babyboaes) of [Qihoo 360 Skyeye Labs](http://www.360.cn/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Microsoft Edge Memory Corruption Vulnerability [CVE-2017-0034](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0034) Zhong Zhaochen ([@asnine](https://twitter.com/asnine)) of [Neusoft](http://neusoft.com/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0035](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0035) Dhanesh Kizhakkinan of [FireEye Inc](https://www.fireeye.com/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Microsoft Browser Memory Corruption Vulnerability [CVE-2017-0037](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0037) Ivan Fratric working with [Google Project Zero](http://www.google.com/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Microsoft Browser Information Disclosure Vulnerability [CVE-2017-0065](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0065) Henri Aho -
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Microsoft Browser Security Feature Bypass Vulnerability [CVE-2017-0066](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0066) Jun Kokatsu ([@shhnjk](https://twitter.com/shhnjk))
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0067](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0067) Dhanesh Kizhakkinan of [FireEye Inc](https://www.fireeye.com/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0067](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0067) [Gary Kwong](https://github.com/nth10sd/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0067](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0067) bee13oy of CloverSec Labs, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0067](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0067) Henry Li (zenhumany) of [Trend Micro](http://www.trendmicro.com/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Microsoft Browser Information Disclosure Vulnerability [CVE-2017-0068](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0068) Jun Kokatsu ([@shhnjk](https://twitter.com/shhnjk))
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Microsoft Edge Spoofing Vulnerability [CVE-2017-0069](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0069) Jun Kokatsu ([@shhnjk](https://twitter.com/shhnjk))
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0070](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0070) Lokihart of [Google Project Zero](http://www.google.com/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0071](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0071) Lokihart of [Google Project Zero](http://www.google.com/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0094](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0094) bee13oy of CloverSec Labs, working with [Trend Micro’s Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Microsoft Edge Memory Corruption Vulnerability [CVE-2017-0131](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0131) Dhanesh Kizhakkinan of [FireEye Inc](https://www.fireeye.com/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Microsoft Edge Memory Corruption Vulnerability [CVE-2017-0132](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0132) Microsoft Chakra Core Team
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerabilty [CVE-2017-0133](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0133) Dhanesh Kizhakkinan of [FireEye Inc](https://www.fireeye.com/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Microsoft Edge Security Feature Bypass [CVE-2017-0134](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0134) Jordan Rabet, Microsoft Offensive Security Research Team
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Microsoft Edge Security Feature Bypass [CVE-2017-0135](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0135) Xiaoyin Liu (@[general\_nfs](https://twitter.com/general_nfs))
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0136](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0136) Michael Holman, Microsoft Chakra Core Team
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0137](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0136\7) Nicolas Joly of MSRCE UK
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0138](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0138) Scott Bell of Security-Assessment.com
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Microsoft Edge Security Feature Bypass [CVE-2017-0140](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0140) Yorick Koster of [Securify B.V.](https://securify.nl/)
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0141](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0141) Semmle Inc
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0150](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0150) Microsoft ChakraCore Team
[MS17-007](https://go.microsoft.com/fwlink/?linkid=842207) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0151](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0151) Microsoft ChakraCore Team
[MS17-006](https://go.microsoft.com/fwlink/?linkid=842208) Microsoft Browser Information Disclosure Vulnerability [CVE-2017-0009](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0009) Scott Bell of Security-Assessment.com
[MS17-006](https://go.microsoft.com/fwlink/?linkid=842208) Internet Explorer Memory Corruption Vulnerability [CVE-2017-0018](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0018) Kai Song [exp-sky](http://exp-sky.org/) of [Tencent's Xuanwu Lab](http://www.tencent.com/), working with [Trend Micro's Zero Day Initiative (ZDI)](http://www.zerodayinitiative.com/)
[MS17-006](https://go.microsoft.com/fwlink/?linkid=842208) Microsoft Browser Memory Corruption Vulnerability [CVE-2017-0037](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0037) Ivan Fratric working with [Google Project Zero](http://www.google.com/)
[MS17-006](https://go.microsoft.com/fwlink/?linkid=842208) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0040](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0040) Scott Bell of Security-Assessment.com
[MS17-006](https://go.microsoft.com/fwlink/?linkid=842208) Scripting Engine Information Disclosure Vulnerability [CVE-2017-0049](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0049) Scott Bell of Security-Assessment.com
[MS17-006](https://go.microsoft.com/fwlink/?linkid=842208) Internet Explorer Information Disclosure Vulnerability [CVE-2017-0059](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0059) Ivan Fratric of [Google Project Zero](http://www.google.com/)
[MS17-006](https://go.microsoft.com/fwlink/?linkid=842208) Scripting Engine Memory Corruption Vulnerability [CVE-2017-0130](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0130) Scott Bell of Security-Assessment.com
**January 2017**
[MS17-004](https://go.microsoft.com/fwlink/?linkid=838352) Local Security Authority Subsystem Service Denial of Service Vulnerability [CVE-2017-0004](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0004) Nicolás Economou of [Core Security](https://www.coresecurity.com/blog/unpatched-lsass-remote-denial-service-ms16-137)
[MS17-004](https://go.microsoft.com/fwlink/?linkid=838352) Local Security Authority Subsystem Service Denial of Service Vulnerability [CVE-2017-0004](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0004) Laurent Gaffie
[MS17-002](https://go.microsoft.com/fwlink/?linkid=838332) Microsoft Office Memory Corruption Vulnerability [CVE-2017-0003](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0003) Tony Loi of [Fortinet’s FortiGuard Labs](http://www.fortiguard.com/)
[3109853](https://technet.microsoft.com/library/security/3109853.aspx) Defense-in-depth ----------------- Thanks to Aaron Coleman, [Fitabase](https://www.fitabase.com/), for assistance in identifying the issue.