Microsoft Security Response Center Blog Alerts

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

Improper link resolution before file access (‘link following’) in Microsoft Windows allows an authorized attacker to elevate privileges locally.

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.

Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.