2009 is ending and I thought it would be nice to write down my personal record of Microsoft vulnerabilities. I started finding vulns in MS products in 2002 and these are most of them:
-Microsoft Biztalk Server ISAPI HTTP Receive function buffer overflow
-Microsoft Biztalk Server DTA vulnerable to SQL injection
http://www.microsoft.com/technet/security/bulletin/ms03-016.mspx
-Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/0034.html
-Microsoft Active Server Pages Cookie Retrieval Issue
http://www.appsecinc.com/resources/alerts/general/05-0001.shtml
-Microsoft Windows LPC heap overflow
http://www.microsoft.com/technet/security/bulletin/MS04-044.mspx
http://www.appsecinc.com/resources/alerts/general/07-0001.shtml
-Microsoft Windows Utility Manager Local Elevation of Privileges
http://www.microsoft.com/technet/security/bulletin/MS04-019.mspx
http://marc.info/?l=bugtraq&m=108975382413405&w=2
http://www.milw0rm.com/exploits/350
-Microsoft Windows Utility Manager Local Elevation of Privileges II
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
http://www.appsecinc.com/resources/alerts/general/04-0001.shtml
http://www.milw0rm.com/exploits/271
-Microsoft Windows Improper Token Validation
http://www.appsecinc.com/resources/alerts/general/06-0001.shtml
http://www.microsoft.com/technet/security/bulletin/MS04-044.mspx
http://www.milw0rm.com/exploits/749
-Microsoft Windows GDI Kernel Local Privilege Escalation Vulnerability
http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx
http://www.argeniss.com/research/ARGENISS-ADV-110604.txt
http://www.argeniss.com/research/GDIKernelPoC.c
-Microsoft MSDTC COM+ Remote Code Execution Vulnerability
http://www.microsoft.com/technet/security/Bulletin/MS05-051.mspx
-Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
http://www.microsoft.com/technet/security/bulletin/ms03-042.mspx
http://marc.info/?l=ntbugtraq&m=106632192709608&w=2
-Microsoft Windows COM Structured Storage Local Privilege Escalation Vulnerability
http://www.microsoft.com/technet/security/bulletin/MS05-012.mspx
http://www.argeniss.com/research/hackwininter.zip
http://www.argeniss.com/research/WLSI.zip
-Microsoft Windows Thread Pool ACL Local Privilege Escalation Vulnerability
-Microsoft Windows RPCSS Service Isolation Local Privilege Escalation Vulnerability
-Microsoft Windows MSDTC Service Isolation Vulnerability
-Microsoft Windows WMI Service Isolation Local Privilege Escalation Vulnerability
http://www.microsoft.com/technet/security/bulletin/MS09-012.mspx
http://www.argeniss.com/research/TokenKidnapping.pdf
http://www.argeniss.com/research/Churrasco.zip
http://www.argeniss.com/research/Churrasco2.zip
-Microsoft Windows Shell Could Allow Remote Code Execution (2 vulns)
http://www.argeniss.com/research/MSBugPaper.pdf
http://www.microsoft.com/technet/security/Bulletin/MS05-049.mspx
-Microsoft SQL Server Heterogenous Queries Buffer Overflow
http://www.appsecinc.com/resources/alerts/mssql/02-0008.shtml
http://www.microsoft.com/technet/security/Bulletin/MS02-007.mspx
-Microsoft SQL Server xp_dirtree Buffer Overflow
http://www.appsecinc.com/resources/alerts/mssql/02-0007.shtml
http://www.microsoft.com/technet/security/Bulletin/MS02-020.mspx
-Microsoft SQL Server Buffer Overflows in numerous extended stored procedures (17 vulns)
http://www.appsecinc.com/resources/alerts/mssql/02-0000.shtml
http://www.microsoft.com/technet/security/Bulletin/MS02-020.mspx
-Microsoft SQL Server encoded password written by service pack
http://www.appsecinc.com/resources/alerts/mssql/02-0009.shtml
http://www.microsoft.com/technet/security/Bulletin/MS02-035.mspx
-Microsoft SQL Server BULK INSERT buffer overflow
http://www.microsoft.com/technet/security/bulletin/MS02-034.asp
http://www.appsecinc.com/resources/alerts/mssql/02-0010.shtml
-Microsoft SQL Server multiple buffer overflows in DBCC and SQL Injections (6 vulns)
http://www.appsecinc.com/resources/alerts/mssql/02-0011.shtml
http://www.microsoft.com/technet/security/Bulletin/MS02-038.mspx
-Microsoft SQL Server multiple vulnerabilities (5 vulns)
http://www.blackhat.com/presentations/win-usa-03/bh-win-03-cerrudo/bh-win-03-cerrudo.pdf
--------0--------
If you count them, there are 50 vulnerabilities in total, 14 of them specific to Microsoft Windows. Actually the real count should be more than 50: a few vulnerabilities not mentioned here were patched in service packs or new versions, were not acknowledged by MS as vulnerabilities, etc.
Of course I'm not mentioning here the 0days I have; with them the count is >50, reaching 20 specific to MS Windows.
Microsoft should give me a prize someday ;)