Microsoft Security Response Center Blog Alerts

Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Use after free in Windows Win32K – GRFX allows an unauthorized attacker to elevate privileges over a network.

Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Secure Channel allows an authorized attacker to elevate privileges locally.

Uncontrolled resource consumption in Windows LDAP – Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.

Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally.