Microsoft Security Response Center Blog Alerts

Added FAQ information. This is an informational change only.

Improper neutralization of special elements used in a command (‘command injection’) in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.

Access of resource using incompatible type (‘type confusion’) in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Added Affected Software for Windows packages

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.

Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.

Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.