Microsoft Security Response Center Blog Alerts

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.

Access of resource using incompatible type (‘type confusion’) in Windows Win32K – ICOMP allows an authorized attacker to elevate privileges locally.

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network.

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

Information published.

Information published.