Microsoft addresses several vulnerabilities in its November security bulletin. Trend Micro Deep Security covers the following:

CVE-2019-1390 - BScript Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the VBScript engine in respect to handling objects in memory. Attackers looking to exploit this vulnerability must find a way to convince a user to access a malicious website where the exploit is hosted.



CVE-2019-1429 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This elevation of privilege vulnerability exists in the improper handling of objects in memory by the scripting engine in Internet Explorer. Attackers looking to exploit this vulnerability must find a way to convince a user to access a malicious website where the exploit is hosted.



CVE-2019-1359 - Jet Database Engine Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper handling of objects by the Windows Jet Database Engine. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file.



CVE-2019-1358 - Jet Database Engine Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper handling of objects by the Windows Jet Database Engine. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file.



CVE-2019-1311 - Windows Imaging API Remote Code Execution Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the improper handling of objects in memory by the Windows Imaging API. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted .WIM file.

Microsoft addresses several vulnerabilities in its December security bulletin. Trend Micro Deep Security covers the following:

CVE-2019-0617 - Jet Database Engine Remote Code Execution Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the Windows Jet Database engine in respect to handling objects in memory. Attackers looking to exploit this vulnerability must find a way to convince a user to open a specially crafted file.



CVE-2019-1485 - VBScript Remote Code Execution Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the improper handling of objects in memory by VBScript engine. Attackers looking to exploit this vulnerability must find a way to convince a user to access a malicious website where the exploit is hosted.



CVE-2019-0853 - GDI Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the improper handling of objects by the Windows Graphics Device Interface (GDI). Attackers looking to exploit this vulnerability must find a way for a user to open a website that contains the exploit, or to open a specially crafted file via file-sharing.



CVE-2019-1458 - Win32k Elevation of Privilege Vulnerability
Risk Rating: Important

This elevation of privilege vulnerability exists in the improper handling of objects by the the Win32k component in Windows. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted application.



CVE-2019-1439 - Windows GDI Information Disclosure Vulnerability
Risk Rating: Important

This information disclosure vulnerability exists in the improper handling of objects in memory by the Windows GDI component. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document.



CVE-2019-1117 - DirectWrite Remote Code Execution Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the improper handling of objects in memory by the DirectWrite. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document.



CVE-2019-1118 - DirectWrite Remote Code Execution Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the improper handling of objects in memory by the DirectWrite. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document.



CVE-2019-1119 - DirectWrite Remote Code Execution Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the improper handling of objects in memory by the DirectWrite. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document.



CVE-2019-0959 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
Risk Rating: Important

This elevation of privilege vulnerability exists in the improper handling of objects in memory by the Windows Common Log File System. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted application.

Microsoft addresses several vulnerabilities in its January security bulletin. Trend Micro Deep Security covers the following:

CVE-2020-0609 - Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution, pre-authentication vulnerability exists in the Windows Remote Desktop Gateway (RD Gateway) and requires no user interaction. Attackers looking to exploit this vulnerability could send a specially crafted request via RDP.



CVE-2020-0610 - Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution, pre-authentication vulnerability exists in the Windows Remote Desktop Gateway (RD Gateway) and requires no user interaction. Attackers looking to exploit this vulnerability could send a specially crafted request via RDP.



CVE-2020-0652 - Microsoft Office Memory Corruption Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the improper handling of objects by Microsoft Office. Attackers looking to exploit this vulnerability must find a way for a user to open a website that contains the exploit, or to open a specially crafted file.



CVE-2020-0601 - Windows CryptoAPI Spoofing Vulnerability
Risk Rating: Important

This spoofing vulnerability exists in the validation of Elliptic Curve Cryptography (ECC) certificates by the the Windows CryptoAPI (crypt32.dll). A successful exploitation of this vulnerability could allow man-in-the-middle (MiTM) attacks.

Microsoft addresses several vulnerabilities in its February security bulletin. Trend Micro Deep Security covers the following:

CVE-2020-0674 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the scripting engine of Internet explorer in the way it handles objects in memory. Attackers looking to exploit this vulnerability could host a specially crafted website that contains an exploit.



CVE-2020-0681 - Remote Desktop Client Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the Windows Remote Desktop Client. It exists when a user connects to a malicious server. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious server.



CVE-2020-0692 - Microsoft Exchange Server Elevation of Privilege Vulnerability
Risk Rating: Important

This elevation of privilege vulnerability, that requires an enabled Exchange Web Services (EWS), exists in the Microsoft Exchange Server. Attackers looking to exploit this vulnerability must find a way to change Security Access Token parameters and forward that to the vulnerable Microsoft Exchange Server.

The OECD's Inclusive Framework on BEPS has released two sets of guidance to give greater certainty to tax administrations and MNE Groups alike on the implementation and operation of Country-by-Country (CbC) Reporting (BEPS Action 13).

Responses from SMEs in 11 cities having business operations in 24 states and Union Territories were collected for the purpose of the survey.

The Global Forum on Transparency and Exchange of Information for Tax Purposes (the Global Forum) published today the first 10 outcomes of a new and enhanced peer review process aimed at assessing compliance with international standards for the exchange of information on request between tax authorities.

Raveena Tandon has shared an old video message that Rishi Kapoor sent to wish her father Ravi Tandon on his birthday, before he left for cancer treatment in New York.

The Global Forum on Transparency and Exchange of Information for Tax Purposes (the Global Forum) published today the first 10 outcomes of a new and enhanced peer review process aimed at assessing compliance with international standards for the exchange of information on request between tax authorities.

As part of continuing efforts to improve the international tax framework, the OECD has released the first analysis of individual country efforts to improve dispute resolution mechanisms.

The OECD invites public comments on proposed changes to the Commentary on Article 5 (Permanent Establishment) of the OCD Model Tax Convention.

OECD releases a discussion draft on the revision of the Safe Harbours section of the Transfer Pricing Guidelines.

OECD Working Party No. 6 releases a discussion draft on the Transfer Pricing Aspects of Intangibles

Furthering its efforts to strengthen international tax co-operation, the OECD has issued two new reports on automatic exchange and tax confidentiality. The report on automatic exchange of information describes what it is, how it works, where it stands and what challenges remain. The report on confidentiality of information exchanged examines all aspects of ensuring the protection of information exchanged for tax purposes.

The amount of cross border portfolio investment exceeds 35 trillion USD. To encourage growth and cross-border investment more than 3000 tax treaties around the world based on the OECD Model reduce source taxation on a reciprocal basis.

The Steering Committee of the OECD Global Forum on Transfer Pricing publishes a Draft Handbook on Transfer Pricing Risk Assessment. This Handbook is intended to provide practical guidance to tax administrations in both OECD and non-OECD economies regarding the process of conducting transfer pricing risk assessments. Interested parties are invited to provide comments by 13 September 2013.

"Tax Policy Landscape Five Years after the Crisis" discusses how tax policies have responded to fiscal and macroeconomic developments over the past five years and these longer-term structural economic developments on. "Tax Reform in the People's Republic of China" compares the tax system in China with the tax system in OECD countries and the tax reforms China and OECD countries have implemented in the past.

A public consultation will be held at the OECD Conference Centre on 12-13 November 2013. The public consultation is open to all interested persons and will be attended by country delegates to Working Party No. 6 of the OECD Committee on Fiscal Affairs. Persons interested in attending must register in advance through the OECD website.

The OECD Committee on Fiscal Affairs invites public comments and input on questions related to the tax challenges of the digital economy. The Committee invites interested parties to send their comments in response to this request for input before 22 December 2013.

Taking an important step towards greater transparency and putting an end to banking secrecy in tax matters, the OECD today released the full version of a new global standard for the exchange of information between jurisdictions.

The Global Forum on Transparency and Exchange of Information for Tax Purposes published today 13 new peer review reports demonstrating progress toward implementation of the international standard for exchange of information on request. The Global Forum also issued compliance ratings for 10 jurisdictions.

Public comments are invited on request for input on BEPS Action 11 regarding work on establishing methodologies to collect and analyse data on BEPS and the actions to address it.

The OECD released today its first recommendations for a co-ordinated international approach to combat tax avoidance by multinational enterprises, under the OECD/G20 Base Erosion and Profit Shifting Project designed to create a single set of international tax rules to end the erosion of tax bases and the artificial shifting of profits to jurisdictions to avoid paying tax.

The OECD has released statistics on the MAP caseloads of OECD member countries and certain Partner economies for the 2013 reporting period.

Pushing forward efforts to boost transparency in international tax matters, the OECD today released a package of measures for the implementation of a new Country-by-Country Reporting plan developed under the OECD/G20 BEPS Project.

The Global Forum on Transparency and Exchange of Information for Tax Purposes published new peer review reports today for 12 countries or jurisdictions, moving further ahead with its goal to implement global standards on transparency and exchange of information for tax purposes.

As part of the OECD’s work to improve the timeliness of processing and completing mutual agreement procedure (MAP) cases under tax treaties and to enhance the transparency of the MAP process, the OECD makes available annual statistics on the MAP caseloads of all its member countries and of non-OECD economies that agree to provide such statistics.

Public comments are invited on a discussion draft that includes proposals for changes to the OECD Model Tax Convention concerning the treaty residence of pension funds. Comments should be sent by 1 April 2016 at the latest.

In a continued effort to boost transparency in international tax matters, the OECD has today released its standardised electronic format for the exchange of Country-by-Country (CbC) Reports between jurisdictions – the CbC XML Schema – as well as the related User Guide.

Responses are invited to the questions included in a consultation document on issues and suggestions related to the impact of the Report on BEPS Action 6 on the tax treaty entitlement of non-CIV funds.

Public comments are invited on technical issues identified in a request for input related to the development of a multilateral instrument to implement the tax-treaty related BEPS measures. Comments should be sent by 30 June 2016 at the latest.

Today the OECD has taken a new step in its continuing efforts to boost transparency in international tax matters with the release of guidance on the implementation of country-by-country (CbC) reporting.

The four organisations, working jointly as the members of the new Platform for Collaboration on Tax have developed a series of recommendations and enabling actions which are laid out in this draft summary document. The Platform organisations seek comments from interested stakeholders on these recommendations by 8 July 2016.

The OECD has today released its standardised IT-format for providing structured feedback on exchanged Common Reporting Standard information – the CRS Status Message XML Schema – as well as the related User Guide.

Interested parties are invited to provide comments on a discussion draft which deals approaches to address BEPS involving interest in the banking and insurance sectors under Action 4 (Interest deductions and other financial payments) of the BEPS Action Plan.

Interested parties are invited to provide comments on a discussion draft which deals with branch mismatch structures under Action 2 (Neutralising the Effects of Hybrid Mismatch Arrangements) of the BEPS Action Plan.

On 20 October, the OECD released the key documents that will form the basis of the Mutual Agreement Procedure (MAP) peer review and monitoring process under Action 14 of the BEPS Action Plan. In accordance with the Assessment Methodology, the reviews will be conducted in batches, with the first batch commencing in December 2016.

The Inclusive Framework on BEPS has released two new documents to support the global implementation of Country-by-Country (CbC) reporting (BEPS Action 13).

The OECD’s work to advance tax certainty specifically includes work to improve the timeliness of processing and completing mutual agreement procedure (MAP) cases under tax treaties and to enhance the transparency of the MAP process. As part of that work, the OECD makes available annual statistics on the MAP caseloads of all its member countries and of non-OECD economies that agree to provide such statistics.

Today, the OECD released an updated version of the BEPS Action 4 Report (Limiting Base Erosion Involving Interest Deductions and Other Financial Payments), which includes further guidance on two areas: the design and operation of the group ratio rule, and approaches to deal with risks posed by the banking and insurance sectors.

Today the OECD released key documents, approved by the Inclusive Framework on BEPS, which will form the basis of the peer review of Action 13 Country-by-Country Reporting and for the peer review of the Action 5 transparency framework.

To further support the consistent implementation of the Common Reporting Standard (CRS), the OECD today released a series of additional CRS-related Frequently Asked Questions; and the second edition of the Standard for Automatic Exchange of Financial Account Information in Tax Matters.

The Inclusive Framework on BEPS has released additional guidance to provide essential information that will give certainty to tax administrations and MNE Groups alike on implementation of Country-by-Country (CbC) reporting (BEPS Action 13).

Today, another important step was taken to implement Country-by-Country Reporting in accordance with the BEPS Action 13 minimum standard, through activations of automatic exchange relationships under the Multilateral Competent Authority Agreement on the Exchange of CbC Reports.

Public comments are invited on a discussion draft which provides guidance on the implementation of the approach to pricing transfers of hard-to-value intangibles described in Chapter VI of the Transfer Pricing Guidelines.

Today the OECD released the key document, approved by the Inclusive Framework on BEPS, which will form the basis of the peer review of the Action 6 minimum standard on preventing the granting of treaty benefits in inappropriate circumstances.

Public comments are invited on two discussion drafts: Attribution of Profits to Permanent Establishments, which deals with work in relation to Action 7 of the BEPS Action Plan and the Revised Guidance on Profit Splits, which deals with work in relation to Actions 8-10 of the BEPS Action Plan.

The OECD Transfer Pricing Guidelines provide guidance on the application of the “arm’s length principle”, which represents the international consensus on the valuation, for income tax purposes, of cross-border transactions between associated enterprises.

The OECD has just released the draft contents of the 2017 update to the OECD Model Tax Convention. Comments are requested at this time only with respect to certain parts of the 2017 update that have not previously been released for comments.

The Inclusive Framework on BEPS has released additional guidance to give certainty to tax administrations and MNE Groups alike on the implementation of Country-by-Country (CbC) Reporting (BEPS Action 13).