Microsoft Security Response Center Blog Alerts

Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an authorized attacker to execute code over a network.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Improper link resolution before file access (‘link following’) in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.

Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.