Microsoft Security Response Center Blog Alerts

Improper neutralization of special elements used in a command (‘command injection’) in Visual Studio allows an unauthorized attacker to execute code locally.

Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally.

Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

Access of resource using incompatible type (‘type confusion’) in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally.

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Access of resource using incompatible type (‘type confusion’) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.