Microsoft Security Response Center Blog Alerts

Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network.

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Improper limitation of a pathname to a restricted directory (‘path traversal’) in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Kernel allows an authorized attacker to elevate privileges locally.

Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.

Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information. Google is aware that an exploit for CVE-2025-13223 exists in the wild.