Microsoft Security Response Center Blog Alerts

Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

Improper link resolution before file access (‘link following’) in Windows Update Stack allows an authorized attacker to elevate privileges locally.

Access of resource using incompatible type (‘type confusion’) in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.

Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

Improper input validation in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.