Microsoft Security Response Center Blog Alerts

Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally.

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.