Microsoft Security Response Center Blog Alerts

Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Secure Channel allows an authorized attacker to elevate privileges locally.

Uncontrolled resource consumption in Windows LDAP – Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.

Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally.

Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.