Microsoft Security Response Center Blog Alerts

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Improper neutralization of special elements used in a command (‘command injection’) in Azure Arc allows an authorized attacker to elevate privileges locally.

Use after free in DNS Server allows an unauthorized attacker to execute code over a network.

Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally.

Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.