Microsoft Security Response Center Blog Alerts

‘…/…//’ in Microsoft Office Outlook allows an authorized attacker to execute code locally.

Improper neutralization of special elements used in a command (‘command injection’) in Visual Studio allows an authorized attacker to execute code over a network.

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

Untrusted pointer dereference in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.