Microsoft Security Response Center Blog Alerts

Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

Improper input validation in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally.

Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.

Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.

Sensitive data storage in improperly locked memory in Windows Win32K – GRFX allows an authorized attacker to elevate privileges locally.

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network.

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Secure Channel allows an authorized attacker to elevate privileges locally.