
MSRC Glossary

Welcome to the Microsoft Security Response Center (MSRC) Glossary. This resource is designed as a reference to help you better understand the terminology commonly used across Microsoft’s security advisories, vulnerability disclosures (CVEs), and product documentation. It provides clear definitions to support consistent understanding across our communications and help users navigate complex security concepts with confidence.

The glossary is maintained by the MSRC team and reflects current terminology used across Microsoft’s security communications. Updates are made as needed to ensure accuracy and relevance.

A

Active Directory Federation Services (AD FS)

Active Directory Federation Services (AD FS) is a standards-based service that allows the secure sharing of identity information between trusted organizations (known as a federation) across an extranet. When a user needs to access a web application from one of its federation partners, the user's own organization is responsible for authenticating the user and providing identity information in the form of "claims" (pieces of identity information, such as user attributes or roles) to the partner that hosts the web application. The hosting partner uses its trust policy to map the incoming claims to claims that are understood by its web application, which uses the claims to make authorization decisions.

ActiveX

ActiveX is a software framework created by Microsoft that adapts its earlier Component Object Model (COM) and Object Linking and Embedding (OLE) technologies for content downloaded from a network, particularly from the World Wide Web. Microsoft still supports ActiveX in Office, though it is off by default in Office 2024 and (subscription) Microsoft 365. See ActiveX for more information.

Address Space Layout Randomization (ASLR)

Address Space Layout Randomization (ASLR) is a security mitigation that randomizes the memory locations of executable images, heap, and stack regions each time a system boots. This randomness makes it significantly harder for attackers to predict memory layouts and exploit vulnerabilities through techniques like buffer overruns or return-oriented programming (ROP).

To support ASLR, a component and all its dependencies must be ASLR-compatible. For example, if A.exe loads B.dll and C.dll, all three must be built with ASLR support. On Windows Vista and later, system DLLs and EXEs are randomized by default. However, DLLs and EXEs created by Independent Software Vendors (ISVs) must explicitly opt in by using the /DYNAMICBASE linker option during compilation.

ASLR also includes:

  • Heap Randomization: Heaps are placed at random memory locations to reduce the risk of heap-based exploits. Enabled by default on Windows Vista and later.
  • Stack Randomization: Threads in processes linked with /DYNAMICBASE have their stacks randomized to mitigate stack-based exploits.

The Force ASLR feature, also known as EnableForceRelocateImages in the GetProcessMitigationPolicy API, extends ASLR protection by forcing relocation of modules that were not compiled with /DYNAMICBASE. This ensures that even legacy or third-party DLLs that lack ASLR support are randomized in memory.

Applicability: Force ASLR can be enabled via system policies or programmatically through mitigation APIs. It is enforced in AppContainer sandboxes, and applications like Microsoft Office and Chromium opt in to this protection.

Benefits: This eliminates predictable mappings that attackers rely on to bypass ASLR, especially in scenarios where non-ASLR-aware DLLs are loaded into ASLR-enabled processes.

Configuration: Force ASLR can be enabled through Group Policy or Windows Security settings. It complements other ASLR flags such as EnableBottomUpRandomization and EnableHighEntropy. See ASLR for more information.
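As an added illustration (not code from this glossary or from Microsoft), the following Python script shows the dependency check described above: it reads the DllCharacteristics field of a PE image's optional header to see whether the image was linked with /DYNAMICBASE, and reports whether each module of a process would be randomized, with and without Force ASLR. The PE headers are constructed in the script so it runs offline, and the helper names (build_pe_header, aslr_status, randomized_under, audit) are this example's own.

```python
import struct

# Flag values from the Microsoft PE/COFF specification.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001               # COFF Characteristics: no .reloc, cannot be rebased
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020  # 64-bit ASLR (/HIGHENTROPYVA)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040     # image opted in to ASLR (/DYNAMICBASE)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100        # DEP-compatible (/NXCOMPAT)


def build_pe_header(dll_characteristics, coff_characteristics=0x0022, pe32plus=True):
    """Constructed, minimal PE header (DOS header + NT headers, no sections).
    Enough for header inspection only; it is not a loadable image."""
    e_lfanew = 64
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)   # e_lfanew lives at 0x3C
    opt_size = 240 if pe32plus else 224
    machine = 0x8664 if pe32plus else 0x014C
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics.
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, coff_characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)  # optional header magic
    struct.pack_into("<H", opt, 70, dll_characteristics)           # DllCharacteristics (same offset in PE32/PE32+)
    return dos + b"PE\x00\x00" + coff + bytes(opt)


def aslr_status(image):
    """Read the ASLR-relevant flags from a PE image's headers."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4
    coff_chars = struct.unpack_from("<H", image, coff + 18)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", image, opt + 70)[0]
    return {
        "pe32plus": magic == 0x20B,
        "dynamic_base": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "relocs_stripped": bool(coff_chars & IMAGE_FILE_RELOCS_STRIPPED),
    }


def randomized_under(status, force_aslr=False):
    """Will the loader randomize this image's base? /DYNAMICBASE images always are.
    Others only when Force ASLR is on for the process, and only if they still
    carry a relocation table (an image with relocations stripped cannot be rebased)."""
    if status["dynamic_base"]:
        return True
    return force_aslr and not status["relocs_stripped"]


def audit(images, force_aslr=False):
    """Audit a process image and its dependencies: every module must be randomized."""
    report = {name: randomized_under(aslr_status(data), force_aslr) for name, data in images.items()}
    return report, all(report.values())


# Constructed sample: A.exe loads B.dll (ASLR-aware) and C.dll (legacy, no /DYNAMICBASE).
SAMPLE_IMAGES = {
    "A.exe": build_pe_header(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
                             | IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
                             | IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    "B.dll": build_pe_header(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT, 0x2022),
    "C.dll": build_pe_header(IMAGE_DLLCHARACTERISTICS_NX_COMPAT, 0x2022),
}

if __name__ == "__main__":
    for force in (False, True):
        report, ok = audit(SAMPLE_IMAGES, force_aslr=force)
        print("Force ASLR", "on " if force else "off", report, "-> all randomized:", ok)
```

On a real system the same aslr_status function can be pointed at the bytes of an actual .exe or .dll; the constructed headers above exist only so the script runs without one.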

AI Bug Bar

The AI Bug Bar is a set of criteria used by Microsoft to classify and prioritize security vulnerabilities specifically for artificial intelligence (AI) and machine learning (ML) systems. It helps the Microsoft Security Response Center (MSRC) determine the severity of reported bugs and decide how to address them. See AI Bug Bar for more information.

AI Safety

AI Safety refers to practices and principles that ensure artificial intelligence (AI) systems are designed and used in ways that benefit humanity and minimize potential harm or negative outcomes.

Purpose:

  • Preventing Accidents: Ensures AI systems operate safely and as intended, reducing the risk of unintended consequences.
  • Ethical AI: Promotes the development of AI systems that align with human values and ethical standards.
  • Risk Mitigation: Identifies and mitigates risks such as bias, data security vulnerabilities, and external threats.

AI Security

AI Security refers to the use of artificial intelligence (AI) technologies to enhance an organization's security posture. It involves automating threat detection, prevention, and remediation to better combat cyberattacks and data breaches.

Purpose:

  • Enhanced Threat Detection: AI systems can analyze vast amounts of data to identify patterns and anomalies that may indicate malicious activity.
  • Automation: AI can automate various cybersecurity tasks, such as alert aggregation, sorting, and response, allowing security teams to focus on more complex challenges.
  • Improved Incident Response: AI tools can provide swift remediation strategies based on their analysis of detected behaviors.

Always Encrypted

Always Encrypted is a feature designed to protect sensitive data, such as credit card numbers or national identification numbers (e.g., U.S. social security numbers), that is stored in Azure SQL Database or SQL Server databases. Always Encrypted allows clients to encrypt sensitive data within client applications and ensures that the encryption keys (used to lock and unlock the data) are never revealed to the Database Engine (SQL Database or SQL Server). This provides a separation between those who own the data (and can view it) and those who manage the data (but should not have access to it).

Application Compatibility Infrastructure (AppCompat)

The Microsoft Windows Application Compatibility Infrastructure (AppCompat) is designed to preserve application functionality as the Microsoft Windows operating system evolves from version to version. The AppCompat infrastructure allows for targeted fixes (specific adjustments to ensure compatibility) for specific applications and versions of applications. These fixes are stored outside of the core Windows functions to maintain system integrity.

Active Server Pages .NET (ASP.NET)

ASP.NET is a collection of technologies within the Microsoft .NET Framework that enable developers to build web applications and XML web services.

Unlike traditional web pages, which use a combination of static HTML and scripting, ASP.NET uses compiled (pre-translated into machine code) and event-driven (responding to user actions) pages. As a web-based application environment, ASP.NET requires an underlying web server to provide basic HTTP functionality, and it runs on top of Internet Information Services (IIS). See ASP.NET for more information. 

Attack Complexity (AC) – CVSS 3.1 metric

This metric reflects the measurable actions an attacker must take to actively bypass or circumvent built-in security-enhancing conditions in order to achieve a successful exploit. These conditions are specifically designed to improve system security and/or increase the complexity of exploit development.

A vulnerability that can be exploited without requiring target-specific customization is considered to have lower complexity than one that demands significant tailoring. This metric focuses on the presence and effectiveness of security mechanisms in the vulnerable system, rather than the time or number of attempts needed for a successful attack (e.g., in the case of a race condition).

It’s important to note that the evasion or fulfillment of authentication requirements is assessed under the Privileges Required metric and is not considered a factor in Attack Complexity.

Values:

  • Low (L): The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system.
  • High (H): The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack.

See Attack Complexity for more information.

Attack Vector (AV) – CVSS 3.1 metric

This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will increase the more remote (logically, and physically) an attacker can be to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Values:

  • Network (N): The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers).
  • Adjacent (A): The vulnerable component is bound to the network stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared physical (e.g., Bluetooth or IEEE 802.11) or logical (e.g., local IP subnet) network, or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN to an administrative network zone).
  • Local (L): The vulnerable component is not bound to the network stack and the attacker’s path is via read/write/execute capabilities.
  • Physical (P): The attack requires the attacker to physically touch or manipulate the vulnerable component.

See Attack Vector for more information.

Authentication

In the context of cybersecurity, authentication is the process of verifying the identity of a user, device, or system before granting access to sensitive resources. It ensures that only authorized individuals or entities can access protected data, applications, and networks. Authentication is a critical component of access control and plays a vital role in maintaining the security and integrity of information systems.

Authorization

In the context of cybersecurity, authorization is the process of determining and granting the appropriate level of access to resources for authenticated users, devices, or systems. It ensures that users can only access the data and perform the actions that they are permitted to, based on their identity and predefined policies. Authorization is a critical component of access control and helps maintain the security and integrity of information systems.

Availability Impact (A) – CVSS 3.1 metric

Definition: This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. It refers to the loss of availability of the impacted component itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, it is assumed that attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of an impacted component.

Values:

  • None (N): No impact on availability.
  • Low (L): Limited impact on availability.
  • High (H): Significant impact on availability.


B

Base Score - CVSS 3.1 Metric

The Base Score is a component of the Common Vulnerability Scoring System (CVSS), which is used to assess the severity of security vulnerabilities. It represents the intrinsic characteristics of a vulnerability that are constant over time and across different environments. The Base Score reflects the severity of a vulnerability according to its intrinsic characteristics which are constant over time and assumes the reasonable worst-case impact across different deployed environments. 


C

Certificate Trust List (CTL)

A trust must exist between the recipient of a signed message and the signer of the message. One method of establishing this trust is through a certificate, an electronic document verifying that entities or persons are who they claim to be. A certificate is issued to an entity by a third party that is trusted by both of the other parties. So, each recipient of a signed message decides if the issuer of the signer's certificate is trustworthy. CryptoAPI has implemented a methodology to allow application developers to create applications that automatically verify certificates against a predefined list of trusted certificates or roots. This list of trusted entities (called subjects) is called a certificate trust list (CTL). See Certificate Trust Verification for more information.

Certification Authority (CA)

Certification authorities are organizations that issue certificates. They establish and verify the authenticity of public keys (unique codes used to encrypt data) that belong to individuals or other certification authorities. They also verify the identity of a person or organization requesting a certificate. See Certification Authority for more information. 

Cipher suite

A cipher suite is a set of cryptographic algorithms (methods for securing data). Schannel protocols use algorithms from a cipher suite to create keys and encrypt information. See Cipher Suite for more information. 

Common Log File System (CLFS)

The Common Log File System (CLFS) is a high-performance, general-purpose system for managing log files. It allows dedicated client applications to use and share log files efficiently to optimize access.

Confidentiality Impact (C) – CVSS 3.1 metric

This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized users. The resulting score is greatest when the loss to the system is highest.

Values:

  • None (N): There is no loss of confidentiality within the impacted component.
  • Low (L): There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the impacted component.
  • High (H): There is a total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server.

Content Security Policy (CSP)

Microsoft Edge now implements Content Security Policy (CSP) 1.0. CSP is a security standard that allows web developers to control the resources (such as JavaScript, CSS, plugins, and images) a web page can fetch or execute. This helps prevent attacks like cross-site scripting (XSS), clickjacking, and other code injection attacks that aim to execute malicious content on trusted web pages. With CSP, developers can create an allow list of trusted content sources in the HTTP headers, instructing the browser to only execute or render resources from those sources. See Content Security Policy for more information. 
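To make the allow-list mechanism concrete, here is an added Python example (not code from this glossary or from Microsoft) that parses a Content-Security-Policy header value, answers whether a given resource would be permitted for a directive (falling back to default-src as browsers do), and lists the findings a reviewer would raise about a weak policy. The header values and page origin are constructed, the matching is a simplified subset of the CSP source-expression rules (ports and paths are ignored, nonces and hashes are not modelled), and the function names are this example's own.

```python
from urllib.parse import urlsplit


def parse_csp(header):
    """Parse a Content-Security-Policy header value into {directive: [source expressions]}.
    A directive name that appears twice keeps its first occurrence, as CSP specifies."""
    policy = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if not tokens:
            continue
        name, sources = tokens[0].lower(), tokens[1:]
        if name not in policy:
            policy[name] = sources
    return policy


def _source_matches(source, page_origin, resource):
    """Simplified CSP source matching: 'self', 'none', '*', scheme-sources (https:)
    and host-sources with an optional scheme and a leading '*.' wildcard.
    Ports and paths are deliberately ignored (a simplification of the spec)."""
    r, p = urlsplit(resource), urlsplit(page_origin)
    if source == "'none'":
        return False
    if source == "'self'":
        return (r.scheme, r.hostname, r.port) == (p.scheme, p.hostname, p.port)
    if source == "*":                       # '*' does not match data:, blob: or filesystem: URLs
        return r.scheme not in ("data", "blob", "filesystem")
    if source.endswith(":") and "://" not in source:   # scheme-source such as "https:"
        return r.scheme == source[:-1].lower()
    scheme, sep, host = source.partition("://")
    if not sep:                             # no scheme given: page scheme, or https upgrade of http
        host = source
        if not (r.scheme == p.scheme or (p.scheme == "http" and r.scheme == "https")):
            return False
    elif r.scheme != scheme.lower():
        return False
    host = host.split("/", 1)[0].split(":", 1)[0].lower()
    if host.startswith("*."):
        return r.hostname is not None and r.hostname.endswith(host[1:])
    return r.hostname == host


def is_allowed(policy, directive, page_origin, resource):
    """Would the browser fetch `resource` for `directive` (e.g. script-src)?
    Missing fetch directives fall back to default-src; no directive at all means allowed."""
    sources = policy.get(directive, policy.get("default-src"))
    if sources is None:
        return True
    return any(_source_matches(s, page_origin, resource) for s in sources)


def weaknesses(policy):
    """Findings a reviewer would raise. ('unsafe-inline' is ignored by browsers when a
    nonce or hash is also present; that case is not modelled here.)"""
    findings = []
    if "default-src" not in policy:
        findings.append("no default-src fallback: unlisted directives are unrestricted")
    for name, sources in policy.items():
        if name == "script-src" and "'unsafe-inline'" in sources:
            findings.append("script-src allows 'unsafe-inline', which defeats the XSS protection")
        if name == "script-src" and "'unsafe-eval'" in sources:
            findings.append("script-src allows 'unsafe-eval'")
        if "*" in sources:
            findings.append("%s allows any host (*)" % name)
    return findings


# Constructed sample inputs.
PAGE_ORIGIN = "https://app.example.com"
SAMPLE_HEADER = "default-src 'self'; script-src 'self' https://cdn.example.com; img-src *; object-src 'none'"
WEAK_HEADER = "script-src 'self' 'unsafe-inline' *"

if __name__ == "__main__":
    policy = parse_csp(SAMPLE_HEADER)
    for directive, url in (("script-src", "https://cdn.example.com/lib.js"),
                           ("script-src", "https://evil.example.net/x.js"),
                           ("style-src", "https://cdn.example.com/a.css")):
        print(directive, url, "->", is_allowed(policy, directive, PAGE_ORIGIN, url))
    print(weaknesses(parse_csp(WEAK_HEADER)))
```

Note how the stylesheet from cdn.example.com is refused even though scripts from it are allowed: style-src is absent, so the browser falls back to default-src 'self', which is exactly the behaviour the allow list is meant to enforce.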

Copilot

GitHub Copilot: An AI-powered coding assistant developed by GitHub and OpenAI. It helps developers by suggesting code snippets, functions, and even entire files based on natural language prompts and existing code.

Microsoft Copilot: A suite of AI-powered tools integrated into Microsoft 365 (Word, Excel, Outlook, etc.) that helps users write, analyze, and automate tasks using natural language.

Cross-site Request Forgery (CSRF/XSRF)

Cross-site Request Forgery (CSRF/XSRF) is a type of attack that occurs when a malicious website, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site where the user is currently logged in (authenticated).

Cross-site scripting (XSS)

Cross-site scripting (XSS) is a type of security vulnerability in which malicious scripts are injected into otherwise benign and trusted websites. This vulnerability affects web servers that dynamically generate HTML pages. If these servers include user input in the dynamic pages they send back to the browser, they can be manipulated to include malicious content. This allows the malicious script to be executed in the user's browser. Web browsers may worsen this problem by assuming trusted sites and using cookies (small pieces of data stored by the browser) to maintain a persistent state with frequently visited websites. An XSS attack does not modify website content but inserts new, malicious script that executes in the browser in the context of a trusted server.

Cryptography

Cryptography is the science of securing information by converting it from its normal, readable state (plaintext) into an obscured state (ciphertext).

In all forms of cryptography, a key is used along with a crypto algorithm (a method for transforming data) to convert plaintext into ciphertext. In secret-key cryptography, the same key is used to transform ciphertext back into plaintext. In public-key cryptography, a different key is used to convert the ciphertext back into plaintext.

Cryptography Next Generation (CNG)

Cryptography Next Generation (CNG) provides a flexible platform for developing, updating, and using custom cryptographic algorithms in applications related to cryptography.

Common Vulnerabilities and Exposures (CVE)

The mission of the CVE Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.

CVE Database

The CVE Database is a repository of information about publicly disclosed cybersecurity vulnerabilities, maintained by the MITRE Corporation. CVE stands for Common Vulnerabilities and Exposures, and the database provides unique identifiers (CVE IDs) for each vulnerability.

CVE Identifier (CVE ID)

A CVE Identifier (CVE ID) is a unique identifier assigned to a publicly disclosed cybersecurity vulnerability. CVE stands for Common Vulnerabilities and Exposures, and the CVE ID helps in tracking and referencing specific vulnerabilities across various platforms and security tools.

Purpose:

  • Standardization: Provides a standardized way to reference vulnerabilities, ensuring consistent communication among security professionals.
  • Tracking: Facilitates the tracking and management of vulnerabilities in security databases and tools.

Components: Each CVE ID includes:

  • CVE Prefix: The identifier starts with "CVE".
  • Year: The year the vulnerability was disclosed (e.g., CVE-2025).
  • Sequence Number: A unique number assigned to the vulnerability.

CVE.Org

CVE.org is the official website for the Common Vulnerabilities and Exposures (CVE) program. The CVE program is a globally recognized standard for identifying and cataloging publicly disclosed cybersecurity vulnerabilities. See CVE.Org for more information.

Common Vulnerability Scoring System (CVSS) 3.1

The Common Vulnerability Scoring System (CVSS) version 3.1 is a standardized framework used to assess and communicate the severity of software vulnerabilities. It is maintained by the Forum of Incident Response and Security Teams (FIRST) and is widely adopted across the cybersecurity industry, including within Microsoft Security Release workflows.

CVSS 3.1 evaluates vulnerabilities using three metric groups:

  • Base: Represents the intrinsic characteristics of a vulnerability that are constant over time and across environments. These metrics include Attack Vector (AV), Attack Complexity (AC),
  • Temporal: Captures characteristics that change over time, such as the availability of exploit code or remediation.
  • Environmental: Reflects the impact of a vulnerability in a specific user environment, allowing customization of the score. Note that Microsoft does not currently provide Environmental scores.

Each group contributes to a final score ranging from 0.0 (None) to 10.0 (Critical), which is also represented as a vector string, a textual representation of the metric values used. An example vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Common Vulnerability Scoring System (CVSS) 4.0

CVSS 4.0 is a standardized, vendor-agnostic scoring system for assessing the severity of software vulnerabilities. Developed by the Forum of Incident Response and Security Teams (FIRST), it builds upon CVSS 3.1 by introducing more granular metrics, clearer nomenclature, and a broader scoring context to improve prioritization and communication across diverse environments.

CVSS 4.0 evaluates vulnerabilities using four metric groups:

  • Base (CVSS-B): Intrinsic characteristics of a vulnerability (for example, exploitability, impact).
  • Threat (CVSS-T): Real-world exploitability and threat intelligence.
  • Environmental (CVSS-E): Customization based on the user’s environment.
  • Supplemental: Additional context (for example, safety, recovery, provider urgency).

These groups combine into composite scores like CVSS-BT (Base + Threat) or CVSS-BTE (Base + Threat + Environmental), which Microsoft’s MSRC team uses for public scoring.

Common Weakness Enumeration (CWE)

The Common Weakness Enumeration (CWE) is a community-developed list of common software and hardware weaknesses.

  • Purpose: To provide a standardized language for identifying and describing vulnerabilities, helping developers, security professionals, and researchers understand and mitigate these weaknesses.
  • Identification: Helps in identifying and categorizing software and hardware weaknesses that could lead to vulnerabilities.
  • Mitigation: Provides guidance on how to eliminate or reduce the impact of these weaknesses before deployment.
  • Standardization: Ensures consistent terminology and classification across different platforms and tools.

Customer Driven Update (CDU)

Updates that require manual action from a customer to update to the latest version. 


D

Defense-in-depth

Defense-in-depth is an information security approach that uses multiple layers of defense to prevent attackers from compromising the security of a network or system.

Digital Certificate

In public-key cryptography, one key, known as the private key, must be kept secret, while the other key, known as the public key, is shared with the world. Digital certificates are used to verify the identity of a person or device, authenticate a service, or encrypt files. A digital certificate is a tamperproof piece of data that includes a public key and information about it, such as who owns it, what it can be used for, and when it expires. See Digital Certificate for more information.  

DirectX

DirectX consists of a set of low-level Application Programming Interfaces (APIs) used by Windows programs for multimedia support.

Document Type Definition (DTD)

DTD (Document Type Definition) is a file format used in XML and other markup languages to specify the markup (tags and structure) used to format a document.

Domain Name System (DNS)

Domain Name System (DNS) is a locator service in Microsoft Windows that uses an industry-standard protocol to find computers on an IP-based network. IP networks, such as the Internet and Windows networks, rely on number-based addresses to process data.


E

Encryption

Encryption is the process of converting data from its normal, readable state (plaintext) into an obscured, unreadable state (ciphertext) using cryptographic algorithms and keys. This process ensures that only authorized parties with the correct decryption key can access the original data. Encryption is a fundamental aspect of cybersecurity, protecting sensitive information from unauthorized access, theft, and tampering.

Enhanced Metafile (EMF)

EMF (Enhanced Metafile Format) is a 32-bit format that can contain both vector information (data representing shapes and lines) and bitmap information (data representing pixel-based images). This format is an improvement over the Windows Metafile Format (WMF) and includes extended features. See Enhanced Metafile Format for more information. 

Enhanced Mitigation Experience Toolkit (EMET)

Note: The term Enhanced Mitigation Experience Toolkit (EMET) is still recognized in the industry, but it is no longer actively developed or supported by Microsoft. See EMET mitigations guidelines for more information.

The Enhanced Mitigation Experience Toolkit (EMET) helps customers strengthen their defense-in-depth strategies against cyberattacks by detecting and blocking common exploitation techniques used to exploit memory corruption vulnerabilities. EMET protects against new and undiscovered threats even before they are addressed through security updates or antimalware software. It includes 14 security mitigations (measures to reduce risk) that complement other defense-in-depth security tools, such as Windows Defender and antivirus software. EMET installs with default protection profiles, which are XML files containing preconfigured settings for common Microsoft and third-party applications.


Exploit Code Maturity – CVSS 3.1 metric

Definition: This metric assesses the likelihood of a vulnerability being exploited, based on the current landscape of exploit techniques, availability of exploit code, and evidence of active “in-the-wild” attacks. The public release of easy-to-use exploit code or detailed exploitation instructions significantly increases the pool of potential attackers, including those with limited technical skills. Initially, exploitation may be theoretical, but it can escalate with the publication of proof-of-concept code, functional exploits, or technical details sufficient for exploitation. Over time, these may evolve into reliable, automated tools—potentially embedded in worms, viruses, or other attack frameworks.

Values:

  • Not Defined (X): No information is available.
  • Unproven (U): No exploit code is available, or the exploit is theoretical.
  • Proof-of-Concept (P): Exploit code is available, but it is not functional.
  • Functional (F): Exploit code is available and functional.
  • High (H): Exploit code is widely available and being actively exploited.

Explorer Preview Pane

The Explorer Preview Pane in Windows File Explorer is a feature that allows users to view the contents of a file such as images, PDFs, Office documents, and text files without opening them in their associated applications. While convenient, this feature has historically posed a security risk and has been exploited as an attack vector. 

Examples of attack methods:

File Preview Without Execution: When a user selects a file in Explorer with the Preview Pane enabled, Windows automatically loads a preview handler for that file type. This can trigger the rendering of the file’s contents even if the user never double-clicks to open it.

Mark of the Web (MotW) Bypass: Files downloaded from the internet are tagged with a Mark of the Web (MotW), which tells Windows and Office to treat them as potentially dangerous. Office apps typically open MotW-tagged files in Protected View, a sandboxed environment that limits what the file can do.

The Vulnerability: In the past, the Preview Pane could render MotW-tagged Office files. Protected View is Office-specific, and our mitigation to prevent MotW documents from loading in the Explorer Preview Pane was specific to Office.


F

Firewall

A firewall is a network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks, such as the internet, to prevent unauthorized access and protect sensitive data. Firewalls are a fundamental component of network security, providing a first line of defense against cyber threats.

Fix

A Fix refers to a solution or patch that addresses a specific problem or vulnerability in software or hardware. Fixes are designed to correct issues, improve functionality, or enhance security.


G

Graphics Device Interface Plus (GDI+)

Graphics Device Interface Plus (GDI+) is a graphical subsystem developed by Microsoft, used primarily in Windows applications to render graphics such as:

  • 2D vector graphics (lines, curves, shapes)
  • Images (bitmaps, JPEGs, PNGs, etc.)
  • Text (with advanced font and layout support)

GDI+ is an enhancement of the original GDI (Graphics Device Interface) and provides more advanced features, better performance, and improved support for modern graphics formats. It’s commonly used in Windows Forms applications and is part of the .NET Framework.


H

Heap Randomization

Heap randomization places dynamically allocated memory regions at unpredictable locations. This mitigates heap-based buffer overrun exploits by making it harder for attackers to predict where heap structures reside.

Enabled by default in Windows Vista and later, it applies to all applications regardless of whether they opt into ASLR.

HTML Injection

HTML injection is a type of security vulnerability that allows an attacker to inject HTML code into a user's session within a website. This vulnerability affects web servers that dynamically generate HTML pages. If these servers include user input in the dynamic pages they send back to the browser, they can be manipulated to include malicious content. This allows the malicious script to be executed in the user's browser. Web browsers may worsen this problem by assuming trusted sites and using cookies (small pieces of data stored by the browser) to maintain a persistent state with frequently visited websites. An HTML injection attack does not modify website content but inserts new, malicious HTML code that executes in the browser in the context of a trusted server.
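The mechanism that both the Cross-site scripting (XSS) entry and this HTML Injection entry describe, user input copied into a dynamically generated page, is shown below as an added Python example (not code from this glossary or from Microsoft). A constructed template is rendered once without output encoding and once with html.escape, and a small check confirms that the hardened version never lets input add tags to the page, whether the input lands in element text or inside a quoted attribute. The names render_unsafe, render_safe and structure_intact are this example's own.

```python
import html
import re

# Constructed template (not from the page): untrusted input lands in element
# text content and inside a quoted attribute value, the two most common sinks.
TEMPLATE = '<p>Hello, {name}!</p>\n<input type="text" name="q" value="{query}">'
TAG_START = re.compile(r"<\s*/?\s*[A-Za-z]")   # start of an opening or closing tag


def render_unsafe(name, query):
    """Vulnerable pattern: user input is concatenated into the page verbatim,
    so any markup in it becomes part of the document the browser parses."""
    return TEMPLATE.format(name=name, query=query)


def render_safe(name, query):
    """Hardened: HTML-encode every untrusted value for the context it lands in.
    quote=True also encodes quotes, so input cannot terminate the attribute it sits in."""
    return TEMPLATE.format(name=html.escape(name, quote=True),
                           query=html.escape(query, quote=True))


def tag_count(markup):
    return len(TAG_START.findall(markup))


def structure_intact(rendered):
    """True when the rendered page has exactly the tags the template had, i.e.
    nothing supplied by the user became an element of the document tree."""
    return tag_count(rendered) == tag_count(TEMPLATE)


# Constructed inputs: a benign pair and the classic text-context and
# attribute-context probes used to confirm an injection sink.
BENIGN = ("Ann", "coffee")
PROBES = ("<script>alert(1)</script>", '"><i>injected</i>')

if __name__ == "__main__":
    for label, renderer in (("unsafe", render_unsafe), ("safe", render_safe)):
        page = renderer(*PROBES)
        print(label, "structure intact:", structure_intact(page))
        print(page)
```

Output encoding is the fix for both vulnerabilities: the browser still receives the attacker's text, but as literal characters rather than as markup that executes in the context of the trusted site. A Content-Security-Policy header (see the CSP entry) is a second layer on top of this, not a substitute for it.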

Hypervisor-protected code integrity (HVCI)

Hypervisor-protected Code Integrity (HVCI) is a powerful system mitigation that uses hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes (core system functions) from the injection and execution of malicious or unverified code. When HVCI is enabled, kernel-mode code integrity validation is performed in a secure environment resistant to attacks from malicious software, and page permissions for kernel mode are managed by the Hyper-V hypervisor.


I

Input Method Editor (IME)

Input Method Editors (IMEs) help address the challenge of entering information in languages like Chinese and Japanese, which have thousands of characters. Since it's impractical to have a keyboard with all these characters, IMEs allow users to create characters using a standard 101-key keyboard by specifying the strokes (basic components) that make up each character.

Input/Output Control (IOCTL)

Windows provides the ability for applications to directly request services of device drivers. The interface through which this is done is called an input/output control, or IOCTL. 

Integrity Impact (I) – CVSS 3.1 metric

Definition: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Values:

  • None (N): There is no loss of integrity within the impacted component.
  • Low (L): Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact on the impacted component.
  • High (H): There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the impacted component. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the impacted component.

Integrity level

Integrity level refers to a security feature in Windows called Mandatory Integrity Control (MIC). MIC assigns integrity levels to processes and objects to control access based on the trustworthiness of the process. For example, a process running with a medium integrity level has more privileges than one running with a low integrity level but fewer than one running with a high integrity level.

Internet Authentication Service (IAS)

Internet Authentication Service (IAS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server. As a RADIUS server, IAS performs centralized connection authentication, authorization, and accounting for various types of network access, including wireless and virtual private network (VPN) connections.

Note: IAS has been superseded by Network Policy Server (NPS) starting with Windows Server 2008. NPS includes all IAS features and adds more, such as better integration with Active Directory and improved policy management. While IAS might still be found in legacy systems, it is not recommended for new deployments due to lack of support and security updates.

Internet Information Service (IIS)

Internet Information Services (IIS) is a flexible, secure, and manageable web server created by Microsoft for hosting web applications. It is integrated into the Microsoft Windows Server operating system and supports various application-layer Internet protocols, including HTTP, HTTPS, FTP, and SMTP. IIS allows for media streaming and can handle demanding tasks due to its scalable architecture. Additionally, IIS 10.0 Express is a free version optimized for developers, making it easy to develop and test websites.

Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec) is a framework of open standards that ensures private, secure communication over Internet Protocol (IP) networks using cryptographic security services. IPSec supports network-level data integrity (ensuring data is not altered), data confidentiality (keeping data private), data origin authentication (verifying the source of data), and replay protection (preventing repeated attacks). Integrated at the Internet layer (layer 3), IPSec provides security for almost all protocols in the TCP/IP suite and applies transparently to applications, eliminating the need to configure separate security for each application using TCP/IP.

Intrusion Detection System (IDS)

An Intrusion Detection System (IDS) is a cybersecurity tool designed to monitor network traffic and system activities for signs of suspicious behavior or potential threats. IDSs play a crucial role in identifying and responding to unauthorized access, malware, and other malicious activities in real-time, helping to protect networks and systems from cyberattacks.

Intrusion Prevention System (IPS)

An Intrusion Prevention System (IPS) is a network security tool designed to detect and prevent malicious activities by monitoring network traffic and taking proactive measures to block potential threats. Unlike an Intrusion Detection System (IDS), which only identifies and alerts on suspicious activities, an IPS actively intervenes to stop attacks in real-time, providing a higher level of security.

IP Address and Domain Restrictions

IP Address and Domain Restrictions is a Web Server (IIS) feature that allows the creation of rules to allow or deny access to content based on specific IP addresses, ranges of IP addresses, or domain names. These rules are also known as "allow list" (allowed) or "deny list" (denied) rule sets.

By default, all IP addresses, computers, and domains can access your site. To enhance security, you can restrict access by creating rules for specific IP addresses, ranges of IP addresses, or domain names.

For example, if you have a site on an intranet server connected to the Internet, you can prevent Internet users from accessing your intranet site by allowing access only to members of your intranet and explicitly denying access to outside users.

 

J

JPEG

JPEG is a platform-independent image format that supports high compression (reducing file size while maintaining quality). It is a widely supported Internet standard developed by the Joint Photographic Experts Group.

JPEG XR

JPEG XR (.jxr) is a Microsoft-developed image format for continuous tone images (images with smooth gradations of color) that supports higher compression ratios and better color accuracy than the standard JPEG format.

 

K

Kerberos

Kerberos is a protocol used to mutually authenticate users and services on an open and unsecured network. It allows services to identify the user of a Kerberos ticket without having to authenticate the user at the service, using shared secret keys (unique codes known only to the communicating parties).

The Kerberos protocol encrypts and signs users' credentials with these shared secret keys. A client is authenticated by a Kerberos Key Distribution Center (KDC). After authentication, the user can request a service ticket to access a specific service on the network. This ticket includes the encrypted and signed identity of the user.

The Kerberos Key Distribution Center (KDC) is a network service that provides session tickets and temporary session keys to users and computers within an Active Directory domain. The KDC runs on each domain controller as part of Active Directory Domain Services (AD DS).

Kill Bits

A security feature in Microsoft Internet Explorer and Microsoft Office that prevents an ActiveX control or OLE object (COM-based extensibility features used to enhance web pages and documents) from ever being loaded by the HTML-rendering engine or document host. This is achieved by setting a specific registry value known as the kill bit. Once the kill bit is set, the control or object is permanently disabled—even if it is fully installed—ensuring that vulnerable components cannot be reactivated or exploited.

This mitigation is especially important for legacy components and is relevant in environments where Internet Explorer is deprecated but Office applications remain in use. Microsoft Office enforces similar protections for COM objects, and administrators can configure these settings to block specific controls across Office applications. See Kill Bits and Office COM Kill Bits for more information.

 

L

Low Integrity Level

The attacker is authorized with (that is, requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources.

 

M

Machine-in-the-Middle (MiTM)

A Machine-in-the-Middle (MiTM) attack occurs when an attacker intercepts communication between two users or devices by rerouting it through a malicious machine without the users' knowledge. Each user or device unknowingly sends and receives traffic from the attacker's machine, believing they are communicating only with the intended recipient.

Malware

Malware, short for malicious software, is any software intentionally designed to cause damage, disrupt operations, or gain unauthorized access to computer systems, networks, or devices. Malware encompasses a wide range of harmful programs, including viruses, worms, trojans, ransomware, spyware, adware, and more. It is a significant threat to cybersecurity, capable of compromising data integrity, stealing sensitive information, and causing widespread disruption.

Medium Integrity Level

The Medium Integrity Level is part of the Mandatory Integrity Control (MIC) system in Windows, which helps manage access to securable objects based on their integrity levels. It is assigned to standard user processes and objects, ensuring a balanced level of protection and access.

Microsoft .NET Remoting

Microsoft .NET Remoting is a technology that simplifies how applications communicate and share objects with other applications.

Microsoft Azure

Microsoft Azure is a comprehensive cloud computing platform developed by Microsoft. It provides a wide range of services, including computing, storage, networking, databases, analytics, artificial intelligence (AI), and Internet of Things (IoT), that enable individuals, businesses, and governments to build, deploy, and manage applications and services through Microsoft-managed data centers.

Azure supports multiple service models:

  • Infrastructure as a Service (IaaS): Offers virtualized computing resources over the internet.
  • Platform as a Service (PaaS): Provides a platform allowing customers to develop, run, and manage applications without dealing with the infrastructure.
  • Software as a Service (SaaS): Delivers software applications over the internet, on a subscription basis.

Azure is known for its:

  • Global reach: Over 300 data centers in more than 60 regions.
  • Security and compliance: Built-in tools and frameworks to meet enterprise-grade security and regulatory requirements.
  • Hybrid capabilities: Seamless integration between on-premises environments and the cloud.
  • AI and analytics: Advanced tools for machine learning, big data, and real-time insights.

Microsoft DirectShow

Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. DirectShow is used for high-quality capture and playback of multimedia streams. It automatically detects and uses video and audio acceleration hardware when available but also supports systems without acceleration hardware. DirectShow is also integrated with other DirectX technologies. Some examples of applications that use DirectShow include DVD players, video editing applications, AVI to ASF converters, MP3 players, and digital video capture applications.

DirectX consists of a set of low-level Application Programming Interfaces (APIs) used by Windows programs for multimedia support. Within DirectX, DirectShow technology performs client-side audio and video sourcing, manipulation and rendering.

Microsoft Entra ID

Microsoft Entra ID (formerly known as Microsoft Azure Active Directory or Azure AD) is a cloud-based identity and access management (IAM) solution. It enables organizations to manage user identities and access resources both internally and externally. See Microsoft Entra ID for more information.

Mitigation

In the context of cybersecurity, mitigation refers to the strategies and actions taken to reduce the severity, impact, or likelihood of a security threat or vulnerability. Mitigation aims to minimize the potential damage caused by cyber threats and enhance the overall security posture of an organization.

 

N

National Vulnerability Database (NVD)

The National Vulnerability Database (NVD) is the U.S. government repository for standards-based vulnerability management data. It is maintained by the National Institute of Standards and Technology (NIST) and provides information on software and hardware flaws that can compromise computer security.

Network Driver Interface Standard (NDIS)

The Network Driver Interface Standard (NDIS) is part of the Windows Driver Kit, which is a fully integrated driver development system that contains the Windows Driver Device Kit and tests for stability and reliability of Windows drivers. The NDIS library abstracts the network hardware from network drivers. NDIS also specifies a standard interface between layered network drivers, thereby abstracting lower-level drivers that manage hardware from upper-level drivers, such as network transport. NDIS also maintains state information and parameters for network drivers, including pointers to functions, handles, and parameter blocks for linkage, and other system values.

Network Policy Server (NPS)

Network Policy Server (NPS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy in Windows Server 2008. NPS is the replacement for Internet Authentication Service (IAS) in Windows Server 2003. As a RADIUS server, NPS performs authentication, authorization, and accounting for wireless, authenticating switch, and remote access dial-up and virtual private network (VPN) connections.

No-Action CVEs

No-Action CVEs refer to vulnerabilities that have been assigned a CVE identifier but do not require immediate action or remediation. These vulnerabilities are typically assessed as having minimal impact or being non-exploitable in practical scenarios.

NT LAN Manager (NTLM) Authentication Protocol

NT LAN Manager (NTLM) Authentication Protocol is a protocol that uses a challenge-response mechanism for authentication in which clients can verify their identities without sending a password to the server. It consists of three messages, commonly referred to as Type 1 (negotiation), Type 2 (challenge), and Type 3 (authentication).

 

O

Object Linking and Embedding (OLE)

A technology that allows applications to share data and functionality, such as the ability to create and edit compound data. Compound data is data that contains information in multiple formats. For example, a compound Microsoft Word document may contain an embedded Microsoft Excel spreadsheet (or OLE object). This technology also enables in-place editing; instead of launching a new application when an OLE object is activated, the user instead sees a new set of menu items inside their existing application. For more information about OLE, see Compound Documents. See Object Linking and Embedding for more information. 

Online Services Bug Bar

The Online Services Bug Bar is a set of criteria used by Microsoft to classify and prioritize security vulnerabilities specifically for online services and web applications. It helps the Microsoft Security Response Center (MSRC) determine the severity of reported bugs and decide how to address them. See Online Services Bug Bar for more information. 

Out-of-band security release

An Out-of-Band (OOB) Security Release is a security update issued outside of the regular update schedule. Typically, Microsoft releases patches on the second Tuesday of each month, known as Patch Tuesday. An OOB security release occurs when there is an urgent need to address a critical vulnerability that cannot wait until the next scheduled update.

Purpose:

  • Urgent Vulnerability Fix: Addresses unexpected, widespread exploits or critical vulnerabilities that pose immediate risks.
  • Zero-Day Exploits: Often released in response to unknown hardware, firmware, or software vulnerabilities that are actively being exploited before the vendor becomes aware of them.

Outlook Attachment Preview

The Outlook Attachment Preview feature allows users to view the contents of an email attachment such as Word documents, Excel spreadsheets, PDFs, and images without opening the file in its native application. This is done by either single-clicking the attachment or selecting "Preview" from the context menu. Some Office applications (OneNote, Publisher, Project, Access) don’t support Protected View, and these also do not open in Protected View for attachment preview. (Visio is a special case: it supports Protected View for Outlook attachment preview, but not in the full Visio application.)

Security Model of Outlook Attachment Preview

Protected View Integration: For Office file types that support Protected View (e.g. Word, Excel, PowerPoint, and Visio files), Outlook uses Protected View when previewing attachments.

Protected View is a sandboxed environment that restricts editing, macros, and other potentially dangerous features.

Safer Than Opening Normally: When a file is opened normally, even with Protected View, users are more likely to click “Enable Editing” or “Enable Content,” which can activate malicious code.

Non-Office Files:

For other file types (e.g., PDFs, images), Outlook uses registered preview handlers in Windows. These are generally safe but depend on the security of the preview handler itself. A vulnerable handler could still be exploited.

Outlook Mail Preview Pane (Reading Pane)

The Outlook Reading Pane (often referred to as the mail preview pane) allows users to preview the content of an email in the default Outlook view.

Functionality:
This pane displays the email content and can also preview attachments within the email. It helps users quickly scan their messages without opening them fully.

 

P

Patch Tuesday

Patch Tuesday, also known as Update Tuesday, is an unofficial term used to refer to the day when Microsoft and other software vendors regularly release security patches and updates for their products. This event occurs on the second Tuesday of each month and is a key part of the software maintenance cycle.

Perfect Forward Secrecy (PFS)

PFS is a property of key-agreement protocols that ensures that a session key derived from a set of long-term keys will not be compromised if one of the long-term keys is compromised in the future.

Pragmatic General Multicast (PGM)

PGM is a reliable and scalable multicast protocol that enables receivers to detect loss, request retransmission of lost data, or notify an application of unrecoverable loss. PGM is a receiver-reliable protocol, which means the receiver is responsible for ensuring all data is received, absolving the sender of responsibility for the reliability of communications. PGM is appropriate for applications that require duplicate-free multicast data delivery from multiple sources to multiple receivers. PGM does not support acknowledged delivery, nor does it guarantee ordering of packets from multiple senders. See Pragmatic General Multicast for more information. 

Phishing

Phishing is a type of cyberattack where attackers attempt to deceive individuals into providing sensitive information, such as usernames, passwords, credit card numbers, or other personal data. This is typically done by masquerading as a trustworthy entity in electronic communications, such as emails, text messages, or social media messages. Phishing is one of the most common and effective forms of cybercrime, exploiting human psychology to gain unauthorized access to sensitive information.

Portable Network Graphics (PNG)

The Portable Network Graphics (PNG) format was designed to replace the older and simpler GIF format and, to some extent, the much more complex TIFF format.

Privileges Required (PR) - CVSS 3.1 Metric

Definition: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

Values:

  • None (N): The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.
  • Low (L): The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges can access only non-sensitive resources.
  • High (H): The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable component allowing access to component-wide settings and files.

See Privileges Required for more information.

Publisher Driven Update (PDU)

Updates that are automatically pushed to customers. 

 

R

Race Condition

A Race Condition is a type of software bug that occurs when the outcome of a process depends on the timing or sequence of uncontrollable events, such as the order in which threads or processes execute.

Key points:

  • Concurrency Issues: Race conditions typically arise in concurrent systems where multiple threads or processes are executing simultaneously.
  • Synchronization: Proper synchronization mechanisms are required to prevent race conditions and ensure consistent and correct behavior.

Ransomware

Ransomware is a type of malicious software, or malware, that cybercriminals use to block access to, destroy, or publish a victim’s critical data unless a ransom is paid. See the Malware section for more information on malware.

Remediation Level (RL)

Definition: This metric evaluates the availability and effectiveness of remediation measures for the vulnerability.

Values:

  • Not Defined (ND): No remediation is available.
  • Official Fix (OF): An official fix is available from the vendor.
  • Temporary Fix (TF): A temporary fix or workaround is available.
  • Workaround (W): A workaround is available, but it is not an official fix.
  • Unavailable (U): No remediation is available.

Remote Authentication Dial-in User Service (RADIUS)

Internet Authentication Service (IAS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server. As a RADIUS server, IAS performs centralized connection authentication, authorization, and accounting for various types of network access, including wireless and virtual private network (VPN) connections.

Windows 2000 Server: IAS does not support RADIUS Proxy because it is based on the Option Pack version.

Windows Server 2003: IAS functions as both a RADIUS server and proxy, forwarding authentication and accounting messages to other RADIUS servers.

Remote Desktop Protocol (RDP)

Remote Desktop Protocol (RDP) lets users create a virtual session on their desktop computers. RDP allows remote users to access all of the data and applications on their computers. For more information, see the MSDN article, Remote Desktop Protocol. See Remote Desktop Protocol for more information.

Remote Procedure Call (RPC)

Microsoft Remote Procedure Call (RPC) is an inter-process communication (IPC) mechanism that enables data exchange and invocation of functionality residing in a different process. That process can be on the same computer, on the local area network (LAN), or across the Internet. The Microsoft RPC mechanism uses other IPC mechanisms, such as pipes, NetBIOS, or Winsock, to establish communications between the client and the server. With RPC, essential program logic and related procedure code can exist on different computers, which is important for distributed applications. See Remote Procedure Call for more information. 

Report Confidence (RC)

Definition: This metric measures the confidence in the existence and details of the vulnerability.

Values:

  • Not Defined (ND): No information is available.
  • Unknown (U): The existence of the vulnerability is uncertain.
  • Reasonable (R): There is reasonable confidence in the existence of the vulnerability.
  • Confirmed (C): The vulnerability has been confirmed by multiple sources.

Remote Procedure Call (RPC) Network Data Representation (NDR) Engine

The Remote Procedure Call (RPC) Network Data Representation (NDR) Engine is the marshaling engine of the RPC and DCOM components. The NDR Engine handles all stub-related issues of a remote call. As a process, NDR marshaling is driven by the C code from MIDL-generated stubs, a MIDL JIT-type generator, or by stubs generated by other tools or written manually. In turn, the NDR engine drives the underlying run time (DCOM or RPC) that communicates with specific transports.

 

S

Same Origin Policy

The Same-Origin Policy restricts how documents or scripts loaded from one origin can interact with resources from another origin. An origin is defined by the combination of:

  • Scheme (Protocol): for example, http or https
  • Host (Domain): for example, example.com
  • Port: for example, 80 or 443

Two URLs share the same origin only if all three match, as in the following examples:

  • http://example.com/page1 and http://example.com/page2 → Same origin
  • https://example.com/page1 and http://example.com/page2 → Different origin (protocol differs)

Same-Origin Policy protects user data and mitigates common attacks such as:

  • Cross-Site Scripting (XSS): Malicious scripts stealing data.
  • Cross-Site Request Forgery (CSRF): Unauthorized actions on authenticated sites.

In addition, same-origin policy maintains isolation by ensuring that visiting an untrusted site doesn’t compromise sessions on trusted sites such as your email or banking site.
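As an added illustration (not the page's own code), the three-part origin comparison above implemented with the standard URL API available in browsers and Node.js. It goes beyond the page's two examples to show that a default port written explicitly (`:80`, `:443`) still matches, while a non-default port or a different subdomain does not; the URLs used are constructed for the demonstration.

```javascript
// Added example: origin extraction and comparison as the Same-Origin Policy defines it
// (scheme + host + port). Uses the WHATWG URL API; not Microsoft code.

function originOf(urlString) {
  const u = new URL(urlString);
  // URL.origin omits a default port (80 for http, 443 for https), so
  // "http://example.com:80/" and "http://example.com/" yield the same origin.
  return u.origin;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Reports which of the three components differ, which is what you need when
// diagnosing why a browser blocked a cross-origin read.
function originDiff(a, b) {
  const ua = new URL(a);
  const ub = new URL(b);
  const reasons = [];
  if (ua.protocol !== ub.protocol) reasons.push("scheme");
  if (ua.hostname !== ub.hostname) reasons.push("host");
  if (ua.port !== ub.port) reasons.push("port"); // "" for a default port, so :443 == unspecified
  return reasons;
}
```

Note that the path and query play no part: two pages on the same origin are fully trusted to read each other's DOM and storage, which is why one HTML injection flaw anywhere on an origin exposes the whole origin.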

Scope (S) CVSS 3.1 Metric

Definition: Determines whether the exploitation of the vulnerability impacts resources beyond the security scope of the vulnerable component.

Values:

Unchanged (U): An exploited vulnerability can only affect resources managed by the same security authority. In this case, the vulnerable component and the impacted component are either the same, or both are managed by the same security authority.

Changed (C): An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

Secure Channel (Schannel)

The Secure Channel (Schannel) security package is a Security Support Provider (SSP) that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. These components are used to implement secure communications in support of several common internet and network applications, such as web browsing. Schannel is part of the security package that helps provide an authentication service to provide secure communications between client and server. See Secure Channel for more information.

Secure Sockets Layer (SSL)

The Secure Sockets Layer (SSL) protocol is a predecessor of the Transport Layer Security protocol. It performs the same functions and supports secure network communications using a combination of public and secret key technology. See Secure Sockets Layer for more information. 

Security Advisory

A security advisory is an official communication issued by software vendors, cybersecurity organizations, or government agencies to inform users about newly discovered security vulnerabilities, potential threats, and recommended actions to mitigate risks. Security advisories can provide detailed information about the nature of a vulnerability, its potential impact, and steps that users and administrators should take to protect their systems and data.

Security Baseline

A security baseline is a set of minimum security standards and practices that an organization must implement to protect its systems, data, and operations from common threats. It serves as a foundational guideline for maintaining a basic level of security, ensuring that essential controls are in place to mitigate risks and comply with regulatory requirements. Security baselines are tailored to the specific needs and risk landscape of an organization, providing a starting point for more advanced security measures.

Security Update

A security update is a software patch or modification designed to address vulnerabilities and improve the security of a system, application, or device. These updates are crucial for protecting against potential threats, such as malware, exploits, and unauthorized access. Security updates can include fixes for known vulnerabilities, enhancements to existing security features, and new security measures.

Server Side Request Forgery (SSRF)

Server Side Request Forgery (SSRF) is a type of attack that can allow an attacker to target internal systems behind the firewall that are normally inaccessible from the outside world. The attacker could then create requests which appear to come from the vulnerable server. In addition, an attacker can use SSRF attacks to:

  • Scan and attack systems from the internal network that are not normally accessible.
  • Enumerate and attack services that are running on these hosts.
  • Exploit host-based authentication services.

Severity Rating

A severity rating is a classification system used to assess the impact and urgency of addressing a security vulnerability. It helps organizations prioritize their response to vulnerabilities based on the potential risk they pose to systems, applications, and data. Severity ratings are typically assigned based on factors such as the ease of exploitation, the potential damage, and affected systems.

Stack Randomization

Stack randomization moves the stack region used for function calls and local variables to a random location when a thread starts in a process compiled with /DYNAMICBASE. It helps prevent stack-based buffer overrun exploits and requires the application to opt into ASLR.

 

T

Task Scheduler

Task Scheduler is a Windows feature that enables you to automatically perform routine tasks on a chosen computer. The Task Scheduler can be used to execute tasks such as starting an application, sending an email message, or showing a message box.

Telnet

By using Telnet Client and Telnet Server, you can run command-line programs, shell commands, and scripts in a remote command console session just as though you were locally logged on to the remote host.

Temporal Score CVSS 3.1

The Temporal Score is a component of the Common Vulnerability Scoring System (CVSS) that reflects the current state of exploitability and remediation of a vulnerability. Unlike the Base Score, which remains constant, the Temporal Score can change over time as new information becomes available.

Transport Layer Security (TLS) Handshake Protocol

The Transport Layer Security (TLS) Handshake Protocol is responsible for the authentication and key exchange necessary to establish or resume secure sessions. For more information, see How TLS/SSL works. See Transport Layer Security (TLS) Handshake Protocol for more information. 

Trusted Boot

Trusted Boot is a Windows 8.1 feature that secures the entire Windows boot process. It prevents malware from hiding and taking up permanent residence within the PC by ensuring none of the Windows components loaded during boot have been tampered with. Trusted Boot also ensures that anti-malware software is loaded before any third-party drivers and applications using its Early Launch Anti-Malware (ELAM) capability. This prevents malware from inserting itself in front of the anti-malware engine so that it can compromise the anti-malware engine’s ability to protect the system. In the event that malware was able to successfully compromise any part of the Windows boot process, Trusted Boot will attempt to automatically remediate the issue.

U

Uniscribe

Uniscribe is a set of APIs that allow a high degree of control for fine typography and for processing complex scripts. Both complex scripts and simple scripts with fine typography effects require special processing to display and edit, because the characters ("glyphs") are not laid out in a simple way. For complex scripts, the rules governing the shaping and positioning of glyphs are specified and catalogued in The Unicode Standard.

User Interaction (UI) CVSS 3.1

Definition: Indicates whether user interaction is required for exploitation.

Values:

  • None (N): No user interaction is required.
  • Required (R): User interaction is required.

V

VBScript

Microsoft XML Core Services (MSXML) allows customers who use JScript, Visual Basic Scripting Edition (VBScript), and Microsoft Visual Studio 6.0 to develop XML-based applications that provide interoperability with other applications that adhere to the XML 1.0 standard. See VBScript for more information. 

Vector Score CVSS 3.1

The Vector Score is part of the Common Vulnerability Scoring System (CVSS) and represents the specific attributes of a vulnerability that contribute to its overall severity score. It provides a detailed breakdown of the factors that influence the Base Score.

Vulnerability

In the context of cybersecurity, a vulnerability is a weakness or flaw in a system, application, or network that can be exploited by attackers to gain unauthorized access, disrupt operations, or cause other forms of harm. Vulnerabilities can arise from various sources, including software bugs, misconfigurations, hardware issues, and human errors.

Types of Vulnerabilities:

  • Zero-Day Vulnerabilities: Vulnerabilities that are unknown to the software vendor and have no available fix. These are particularly dangerous because attackers can exploit them before they are patched.
  • Known Vulnerabilities: Vulnerabilities that have been identified and documented, often with available patches or mitigations. These are tracked using identifiers like Common Vulnerabilities and Exposures (CVE) numbers.
  • Configuration Vulnerabilities: Weaknesses resulting from improper configuration settings, such as open ports, default passwords, or insecure protocols.

Vulnerability Databases

A Vulnerability Database (VDB) is a platform or repository that collects, maintains, and disseminates information about discovered computer security vulnerabilities. These databases are essential tools for cybersecurity professionals, providing detailed information about the nature of vulnerabilities, their potential impact, mitigation strategies, and patches.

W

Web Proxy Automatic Discovery (WPAD) protocol

The Web Proxy Automatic Discovery (WPAD) protocol allows automatic discovery of Web Proxy servers. WPAD provides a mechanism for clients to locate a WPAD entry containing a URL that points to a server on which the Wpad.dat and Wspad.dat files are generated. The Wpad.dat file is a JavaScript file containing a default URL template, constructed by Internet Explorer. The Wpad.dat file is used by Web Proxy clients for automatic discovery information.

Web Server (IIS) role in Windows Server

The Web Server (IIS) role in Windows Server provides a secure, easy-to-manage, modular (composed of interchangeable parts) and extensible (able to be expanded) platform for reliably hosting websites, services, and applications. See Web Server (IIS) role in Windows Server for more information. 

WebDAV

Web Distributed Authoring and Versioning (WebDAV) is an extension to the Hypertext Transfer Protocol (HTTP) that defines how basic file functions such as copy, move, delete and create are performed by a computer using HTTP.

WebDAV Mini-Redirector

The WebDAV Mini-Redirector is also known as the WebClient service. This service lets DAV-enabled folders appear as Universal Naming Convention (UNC) shares.

WebDAV Redirector

A WebDAV Redirector is a remote file system over the WebDAV protocol that allows Windows client machines to connect to your WebDAV publishing directory through the command line. The WebDAV Redirector enables you to manipulate files on the Web as though the files exist on a mapped network drive.

Windows Bug Bar

The Windows Bug Bar is a set of criteria used by Microsoft to classify and prioritize security vulnerabilities in Windows. It helps the Microsoft Security Response Center (MSRC) determine the severity of reported bugs and decide how to address them. See Windows Bug Bar for more information.

Windows Error Reporting (WER)

Windows Error Reporting (WER) is a flexible, event-based feedback infrastructure designed to gather information about the hardware and software problems that Windows can detect, report the information to Microsoft, and provide users with any available solutions. For more information, see the Microsoft Developer Network (MSDN) article About WER and Windows Error Reporting (WER).

Windows Forms (WinForms)

Windows Forms is a smart client technology for the .NET Framework, a set of managed libraries that simplify common application tasks such as reading from and writing to the file system. When you use a development environment like Visual Studio, you can create Windows Forms smart-client applications that display information, request input from users, and communicate with remote computers over a network. For more information, see Windows Forms Overview and Windows Forms.

Windows kernel

The Windows kernel is the core of the operating system. It provides system-level services such as device management and memory management, allocates processor time to processes, and manages error handling.

Windows kernel-mode driver (win32k.sys)

Win32k.sys is a kernel-mode device driver and is the kernel part of the Windows subsystem. It contains the window manager, which controls window displays; manages screen output; collects input from the keyboard, mouse, and other devices; and passes user messages to applications. It also contains the Graphics Device Interface (GDI), which is a library of functions for graphics output devices. Finally, it serves as a wrapper for DirectX support that is implemented in another driver (dxgkrnl.sys).

Windows Registry Virtualization

Windows Registry Virtualization is an application compatibility technology that enables registry write operations that have global impact to be redirected to per-user locations. This redirection is transparent to applications reading from or writing to the registry.

Windows Shell

The Windows UI provides users with access to a wide variety of objects necessary for running applications and managing the operating system. The most numerous and familiar of these objects are the folders and files that reside on computer disk drives. There are also several virtual objects that allow the user to perform tasks such as sending files to remote printers or accessing the Recycle Bin. The Shell organizes these objects into a hierarchical namespace and provides users and applications with a consistent and efficient way to access and manage objects.

Workaround

A setting or configuration change that does not correct the underlying vulnerability but helps block known attack vectors until the update is applied.

Z

Zero-Day

A zero-day vulnerability is a security flaw in software, hardware, or firmware that is unknown to the vendor or developer. Because the vendor has zero days to address the vulnerability before it is exploited, these flaws are particularly dangerous. Zero-day vulnerabilities are often discovered by attackers before the vendor becomes aware of them, allowing attackers to exploit the vulnerability without any available patch or fix.

Zero-Day Exploits

Zero-day exploits are exploits of vulnerabilities that are actively being exploited before the vendor becomes aware of them. Security updates are often released in response to zero-day exploits.