MS15-020 - Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution

Bulletin ID: 

MS15-020

Severity: 

Critical

Description: 

This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website, open a specially crafted file, or open a file in a working directory that contains a specially crafted DLL file.
Revision Note: V1.1 (March 10, 2015): Bulletin revised to better explain the attack vector for the DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096).

Security advisory: 

Related content