Microsoft Security Response Center Blog Alerts

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.

Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

Corrected CVE title. This is an informational change only.

Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.

Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network.

Access of resource using incompatible type (‘type confusion’) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.