Microsoft Security Response Center Blog Alerts

Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally.

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.