Microsoft Security Response Center Blog Alerts

Updated Security Impact values. This is an informational change only.

Acknowledgement added. This is an informational change only.

Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network.

Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network.

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Improper limitation of a pathname to a restricted directory (‘path traversal’) in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Kernel allows an authorized attacker to elevate privileges locally.

Stack-based buffer overflow in Software for Open Networking in the Cloud (SONiC) allows an unauthorized attacker to elevate privileges over a network.

Information published.

Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature over a network.