Microsoft Security Response Center Blog Alerts

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information.

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally.