Microsoft Security Response Center Blog Alerts

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

Access of resource using incompatible type (‘type confusion’) in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally.

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Access of resource using incompatible type (‘type confusion’) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

Heap-based buffer overflow in Windows Win32K – GRFX allows an unauthorized attacker to execute code locally.

Improper link resolution before file access (‘link following’) in Windows Installer allows an authorized attacker to disclose information locally.

Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.