The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time DST bias. Additionally, the dates and times may change when you perform certain operations on the files.
Protect yourself online: Windows Security support. Learn how we guard against cyber threats: Microsoft Security. Need more help? Expand your skills. Get new features first. Was this information helpful? Yes No. Thank you! Any more feedback? The more you tell us the more we can help. Can you help us improve? Resolved my issue. Clear instructions.
The affected software listed in this bulletin have been tested to determine which releases are affected. Other releases are past their support life cycle. For more information about the product lifecycle, see the Microsoft Support Lifecycle website. It should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities. To determine the support lifecycle for your software release, see Select a Product for Lifecycle Information.
For more information about service packs for these software releases, see Service Pack Lifecycle Support Policy. Customers who require custom support for older software must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options. Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office.
For contact information, see the Microsoft Worldwide Information website, select the country in the Contact Information list, and then click Go to see a list of telephone numbers. When you call, ask to speak with the local Premier Support sales manager. The following severity ratings assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the October bulletin summary.
For more information, see Microsoft Exploitability Index. The script could spoof content, disclose information, or take any action that the user could take on the site on behalf of the targeted user. Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability.
The following mitigating factors may be helpful in your situation:. Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:. XSS filter is enabled by default in the Internet security zone. To do this, perform the following steps:. Impact of workaround.
Internal sites not previously flagged as being XSS risks could be flagged. What is the scope of the vulnerability? This is a reflected XSS vulnerability that could allow elevation of privilege.
What causes the vulnerability? What is cross-site scripting XSS? Cross-site scripting XSS is a class of security vulnerability that can enable an attacker to inject script into the response to a webpage request.
This script is then run by the requesting application, often times a web browser. The script could then spoof content, disclose information, or take any action that the user could take on the affected website, on behalf of the targeted user.
What might an attacker use the vulnerability to do? An attacker who successfully exploited this vulnerability could inject a client-side script into the user's instance of Internet Explorer.
How could an attacker exploit the vulnerability? An attacker could exploit the vulnerability by sending a specially crafted link to the user and convincing the user to click the link. An attacker could also host a website that contains a webpage designed to exploit this vulnerability. What systems are primarily at risk from the vulnerability? What does the update do? When this security bulletin was issued, had this vulnerability been publicly disclosed?
Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security bulletin was originally issued.
Manage the software and security updates you need to deploy to the servers, desktop, and mobile systems in your organization. The Microsoft TechNet Security website provides additional information about security in Microsoft products. Security updates are available from Microsoft Update and Windows Update. Security updates are also available from the Microsoft Download Center.
You can find them most easily by doing a keyword search for "security update. Finally, security updates can be downloaded from the Microsoft Update Catalog.
The Microsoft Update Catalog provides a searchable catalog of content made available through Windows Update and Microsoft Update, including security updates, drivers and service packs. Download Now. Developer's Description By Microsoft. Full Specifications. What's new in version 8. Release December 5, Date Added August 28, Version 8. Operating Systems. Total Downloads 4, Downloads Last Week 0. Report Software.
Related Software. Facilitate transfer of data between Microsoft Office System files and non-Microsoft Office applications. Microsoft Access Runtime bit Free. Enable you to distribute Access applications to users who do not have the full version of Access installed on their computers. Learn and build desktop and small server applications and redistribute by ISVs.
0コメント