Me, myself & IT

Acknowledgements, Bounties, Citations, Credits, Kudos, References, Rewards and Thanks

MSRC Researcher Recognition Program Leaderboard; 2024-01-30: Congratulations to the Top MSRC 2023 Q4 Security Researchers!; 2023 Q4

MSRC Acknowledgements; 2024-01-09: CVE-2024-21325; Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability

MSRC Researcher Recognition Program Leaderboard; 2023-08-08: Congratulations to the MSRC 2023 Most Valuable Researchers!; 2023

MSRC Researcher Recognition Program Leaderboard; 2023-04-13: Congratulations to the Top MSRC 2023 Q1 Security Researchers!; 2023 Q1

MSRC Acknowledgements; 2022-01-11: CVE-2021-22947; Open Source Curl Remote Code Execution Vulnerability

Security Advisory; Intel Graphics Drivers for Windows; 2020-08-11: Intel^® Graphics Drivers Installer Local Privilege Escalation Vulnerability

Security Advisory; Intel PROSet/Wireless Software and Drivers for Windows; 2019-05-14: Intel^® PROSet/Wireless Software and Drivers for Windows Privilege Escalation Vulnerability

Security Bulletin: NVIDIA GeForce Experience - May 2019; 2019-05-30: Nvidia GeForcce Experience for Windows Privilege Escalation Vulnerability

Security Bulletin: NVIDIA GPU Display Driver - May 2019; 2019-05-09: Nvidia GPU Driver for Windows Privilege Escalation Vulnerability

Security Advisory; Apple iCloud for Windows 7.11; 2019-03-25: About the security content of iCloud for Windows 7.11

Security Advisory; Apple iTunes for Windows 12.9.4; 2019-03-25: About the security content of iTunes 12.9.4 for Windows

Security Advisory; Intel Rapid Store Technology; 2018-11-13: Intel^® Rapid Store Technology Privilege Escalation Vulnerability

Security Researcher Acknowledgments for Microsoft Online Services – Current Month; Microsoft; 2018-10: October 2018 Security Researchers

Thomas Claburn; The Register; 2018-10-08: Intel's commitment to making its stuff secure is called into question

Security Advisory; Intel Extreme Tuning Utility; 2018-09-11: Intel^® Extreme Tuning Utility Privilege Escalation Vulnerability

Thomas Claburn; The Register; 2018-08-22: Microsoft Visual Studio C++ Runtime installers were built to fail

Security Researcher Acknowledgments for Microsoft Online Services – Prior Months; Microsoft; 2018-06: June 2018 Security Researchers

Security Advisory; Intel Processor Diagnostic Tool; 2018-06-27: Intel^® Processor Diagnostic Tool Privilege Escalation Vulnerability

Security Researcher Acknowledgments for Microsoft Online Services – Prior Months; Microsoft; 2018-04: April 2018 Security Researchers

Contributors; cURL; 2018-03-14: [RELEASE] curl and libcurl 7.59.0

Gilbert Kallenbach; 01net.com; 2018-02-20: Pourquoi il faut se méfier de Skype et de ses programmes d‘installation

Adrian Branco; 01net.com; 2018-02-19: Microsoft distribue ses mises à jour de sécurité via des liens… non sécurisés

Woody Leonhard; Computerworld; 2018-02-16: Microsoft is distributing security patches through insecure HTTP links

Rene Millman; PC & Tech Authority; 2018-02-15: Skype security flaw 'ignored' by Microsoft could let hackers into your computer

Zack Whittacker; ZDNet; 2018-02-12: Skype can't fix a nasty security bug without a massive code rewrite

Security Advisory; QNAP; 2017-12-08: Security Advisory for DLL Hijacking vulnerability in Qsync for Windows (exe)

Security Advisory; Cisco; 2017-11-15: Cisco FindIT Discovery Utility Insecure Library Loading Vulnerability

Catalin Cimpanu; Bleeping Computer; 2017-10-27: Hackers Can Steal Windows Login Credentials Without User Interaction

Acknowledgments – October 2017; Microsoft; 2017-10-10: Defense-in-depth (ADV170017)

The MSRC Top 100 Security Researchers; Microsoft; 2017-08-07: The MSRC Top 100 Security Researchers

Security Advisory; Intel SSD Toolbox; 2017-05-30: Elevation of Privilege in Intel^® Solid State Drive Toolbox^™

Akila Srinivasan, Microsoft Security Response Center; Microsoft; 2016-10-27: The inner workings of the Microsoft Bounty Program: Top 100 Finders for 2016

Security Advisory; Apache OpenOffice; 2016-10-11: Windows Installer Execution of Arbitrary Code with Elevated Privileges

Security Researcher Acknowledgments for Microsoft Online Services – Prior Months; Microsoft; 2016-09: September & October 2016 Security Researchers

Security Advisory; VMware; 2016-09-13: VMSA-2016-0014; VMSA-2016-0014

Contribute & Reference list; MITRE; 2016-07-29: Contribute – ATT&CK; Reference list – ATT&CK

Catalin Cimpanu; Softpedia; 2016-07-26: Windows 10 Disk Cleanup Utility Abused to Bypass UAC

Contributors; cURL; 2016-07-21: [RELEASE] curl and libcurl 7.50.0

Thanks; cURL; 2016-07-21: cURL – THANKS

Vulnerability note; PuTTY; 2016-07-19: PuTTY vulnerability vuln-indirect-dll-hijack

Security Bulletin; Adobe; 2016-07-12: Adobe Security Bulletin APSB16-25

Will Dormann; CERT/CC; 2016-06-30: Bypassing Application Whitelisting

Security Advisory; cURL; 2016-05-30: cURL – Windows DLL hijacking

Security Advisory; Apple iTunes for Windows 12.4; 2016-05-16: About the security content of iTunes 12.4

Security Bulletin; Adobe; 2016-04-07: Adobe Security Bulletin APSB16-10

Comodo Internet Security Release Notes; Comodo; 2016-03-22: Comodo Internet Security Release Notes

Vulnerability Reward Program Hall of Fame; F-Secure; 2016: 2016 – Hall of Fame

Customer Advisory; ESET; 2016-02-19: ESET Customer Advisory: Mitigations for vulnerabilities in ESET’s EXE installers

Check Point response to ZoneAlarm DLL injection; Check Point; 2016-02-18: Check Point response to ZoneAlarm DLL injection

ComputerBild; 2016-02-10: Java-Patchday: Oracle bringt außerplanmäßiges Java-Update

Catalin Cimpanu; Softpedia; 2016-02-08: DLL Hijacking Issue Plagues Products like Firefox, Chrome, iTunes, OpenOffice

Eduard Kovacs; SecurityWeek; 2016-02-08: Oracle Patches Java Installer Vulnerability

Richard Chirgwin; The Register; 2016-02-08: Oracle issues emergency patch for Java on Windows

Oracle Security Alert; Oracle; 2016-02-05: Oracle Security Alert for CVE-2016-0603

WiX v3.10.2 released; FireGiant; 2016-01-21: WiX v3.10.2 released

Oracle Critical Patch Update Advisory – January 2016; Oracle; 2016-01-19: Oracle Critical Patch Update Advisory – January 2016

Release Notes; VeraCrypt; 2016-01-18: Release Notes, 1.17-BETA17 (January 18^th, 2016)

Changelog CloneBD Blu-ray Media Converter; Elaborate Bytes; 2016-01-14: Changelog CloneBD Blu-ray Media Converter

Acknowledgments – 2016; Microsoft; 2016-01-12: MS16-007 (DLL Loading Elevation of Privilege Vulnerability); MS16-007 (DLL Loading Elevation of Privilege Vulnerability)

Security Advisory; VeraCrypt Team, Mounir IDRASSI; 2016-01-11: CVE-2016-1281: TrueCrypt and VeraCrypt Windows installers allow arbitrary code execution with elevation of privilege

Vulnerability report; Emsisoft; 2016-01-08: Vulnerability report – emsisoft.de

Vulnerability Report: List of Advisories; Kaspersky Lab; 2015-12-23: Advisory issued on 23th December, 2015

Information Security; Rapid7; 2015-12-21: ScanNow DLL Search Order Hijacking Vulnerability and Deprecation

Vulnerability Reward Program Hall of Fame; F-Secure; 2015: 2015 – Honorable Mentions

Security Advisory; F-Secure; 2015-12-17: FSC-2015-4: DLL pre-loading attack in Online Scanner

Security Bulletin; Intel; 2015-12-14: Intel Security – Security Bulletin: Security patch for several McAfee installers and uninstallers

Change log; Nmap; 2015-12-09: Nmap Changelog

Security Advisory; Gpg4win; 2015-11-25: Security Advisory Gpg4win 2015-11-25

Richard Chirgwin; The Register; 2015-11-03: Dev to Mozilla: Please dump ancient Windows install processes

Jason Shirk, Microsoft Security Response Center; Microsoft; 2015-10-20: Microsoft Bounty Program: Making it to the MSRC Top 100

Threat Intelligence Database; scip AG; 2015-09-18: Apple iTunes up to 12.2 buffer overflow [CVE-2010-3190]

Security Advisory; Apple iTunes for Windows 12.3; 2015-09-11: About the security content of iTunes 12.3

Catalin Cimpanu; Softpedia; 2015-08-05: Mozilla Thunderbird 38+ Poses Security Risk via Its Lightning Extension

Security Researcher Acknowledgments for Microsoft Online Services – Prior Months; Microsoft; 2015-06: June & July 2015 Security Researchers

Acknowledgments – 2014; Microsoft; 2014-08-12: MS14-049 (Defense-in-depth changes)

Security Bulletin; Microsoft; 2014-08-12: Microsoft Security Bulletin MS14-049 – Important; Microsoft Security Bulletin Summary for August 2014

Security Researcher Acknowledgments for Microsoft Online Services – Prior Months; Microsoft; 2014-05: May 2014 Security Researchers

Threat Intelligence Database; scip AG; 2014-05-22: HP HP OfficeJet 6700 Driver Installer privilege escalation

Threat Intelligence Database; scip AG; 2014-04-09: Microsoft Windows up to 2012 R2 Batch File Handler CreateProcess() buffer overflow

Acknowledgments – 2014; Microsoft; 2014-04-08: MS14-019 (Windows File Handling Vulnerability)

Security Bulletin; Microsoft; 2014-04-08: Microsoft Security Bulletin MS14-019 – Critical; Microsoft Security Bulletin Summary for April 2014

Steven M. Bellovin, Matt Blaze, Sandy Clark, and Susan Landau; Northwestern Journal of Technology & Intellectual Property, Volume 12 Issue 1 (2014); 2014-04-08: Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet

Charalampos harkaz Kazakos; 2013-09-09: Welcome to Windows XP Service Pack 4

Threat Intelligence Database; scip AG; 2013-08-28: Mozilla Firefox/Thunderbird prior 23.0 on Windows Path Handler UninstallString privilege escalation

Threat Intelligence Database; scip AG; 2013-05-13: Microsoft Security Essentials up to 4.1 Registry buffer overflow

Cal Leeming; 2013-05-10: Analysis of Cisco 7940, SIP ALG and NAT traversal problems

Bojan Zdrnja; Internet Storm Center; 2010-08-23: DLL hijacking vulnerabilities

Security Bulletin; Microsoft; 2010-08-02: Microsoft Security Bulletin MS10-046 – Critical; Microsoft Security Bulletin Summary for August 2010

Ray Johnston; Ghostscript; 2010-02-01: History of Ghostscript versions 8.xx; Detailed History of Ghostscript versions 8.xx

Holger Klemm; Multimedia4Linux; 2009-01-03: DVD-RAM Howto

Olof Lagerkvist; LTR Data; 2008-05-28: Tools and utilities for Windows

Ken Kato; VM Back; 2008-02-06: Virtual Floppy Drive 2.1: vulnerable zlib; Virtual Floppy Drive 2.1: vulnerable zlib

Jürgen Schmidt; The H Security; 2007-12-21: Antivirus software as a malware gateway

Mike Barwise; The H Security; 2007-10-22: BitDefender, GSView and cURL are vulnerable due to obsolete compression library

Linux Weekly News; 2005-06-27: ClamAV: denial of service

Paul Whittaker; Diet-PC; 2004-11-07: Configuring Windows 2000/2003 for Etherboot

Ralph Briel; Outlook Express FAQ; 2003: 3.23 Wie kann ich das Euro-Währungssymbol korrekt verschicken?

Johann Ebend; Windows 2000 FAQ; 2002: Windows 2000 FAQ

Mariusz Zynel; Multi-booting Solaris and other operating systems; 2001-11-11: I.1 Preface; I.4 History

Andrew Clausen; GNU parted; 2000-02-23: parted-3.2/THANKS

Contact and Feedback

If you miss anything here, have additions, comments, corrections, criticism or questions, want to give feedback, hints or tipps, report broken links, bugs, deficiencies, errors, inaccuracies, misrepresentations, omissions, shortcomings, vulnerabilities or weaknesses, …: don’t hesitate to contact me and feel free to ask, comment, criticise, flame, notify or report!

Use the X.509 certificate to send S/MIME encrypted mail.

Note: email in weird format and without a proper sender name is likely to be discarded!

I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see your full (real) name as sender, not your nickname.
I abhor top posts and expect inline quotes in replies.

Terms and Conditions

By using this site, you signify your agreement to these terms and conditions. If you do not agree to these terms and conditions, do not use this site!

The software and the documentation on this site are provided as is without any warranty, neither express nor implied.
In no event will the author be held liable for any damage(s) arising from the use of the software or the documentation.
Permission is granted to use the current version of the software and the current version of the documentation solely for personal private and non-commercial purposes.
An individuals use of the software or the documentation in his or her capacity or function as an agent, (independent) contractor, employee, member or officer of a business, corporation or organisation (commercial or non-commercial) does not qualify as personal private and non-commercial purpose.
Without written approval from the author the software or the documentation must not be used for a business, for commercial, corporate, governmental, military or organisational purposes of any kind, or in a commercial, corporate, governmental, military or organisational environment of any kind.
Redistribution of the software and the documentation is allowed only in unmodified form of its current version and free of charge.

Data Protection Declaration

This web page records no (personal) data and stores no cookies in the web browser.

The web service is operated and provided by

Telekom Deutschland GmbH
Business Center
D-64306 Darmstadt
Germany
<‍hosting‍@‍telekom‍.‍de‍>
+49 800 5252033

The web service provider stores a session cookie in the web browser and records every visit of this web site with the following data in an access log on their server(s):

the (pseudonymised) IP address;
the date and time of the request;
the URL of the requested web page or file;
the Referer and User-Agent HTTP headers sent by the web browser;
the result (success or failure) of the request;
the amount of data received and sent.