CVE-2026-20848 Windows SMB Server Elevation of Privilege Vulnerability
Published January 21, 2026
Updated the build numbers. This is an informational update only.
Published January 21, 2026
Updated FAQ information. This is an informational change only.
Published January 16, 2026
Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non‑administrator) local user can invoke the IElevatorEdge interface method LaunchUpdateCmdElevatedAndWait, causing the service to execute privileged update commands as LocalSystem. This allows a non‑administrator to enable or disable Windows Virtualization‑Based Security (VBS) by modifying protected […]
Published January 16, 2026
Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.
Published January 16, 2026
Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.
Published January 16, 2026
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Management Services allows an authorized attacker to elevate privileges locally.
Published January 16, 2026
Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network.