Microsoft Security Response Center Blog Alerts

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Improper neutralization of special elements used in an sql command (‘sql injection’) in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.

Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information.