CVE-2025-21380 Azure Marketplace SaaS Resources Information Disclosure Vulnerability
Published January 9, 2025
Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.
Microsoft Security Response Center Blog Alerts
CVE-2013-3900 WinVerifyTrust Signature Validation Vulnerability
Published December 23, 2024
Providing further clarification about how to configure the EnableCertPaddingCheck registry value to implement and revert the improvement to authenticode signature verification. Customers who had successfully followed previous guidance do not need to make further changes to their systems. Although Windows treats the EnableCertPaddingCheck value as a DWORD, its actual registry value type does not matter, as long as all these length and data requirements are met. See the **Suggested Actions** section for more information.
Chromium: CVE-2024-12692 Type Confusion in V8
Published December 19, 2024
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-12695 Out of bounds write in V8
Published December 19, 2024
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-12693 Out of bounds memory access in V8
Published December 19, 2024
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-12694 Use after free in Compositing
Published December 19, 2024
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
CVE-2024-43594 Microsoft System Center Elevation of Privilege Vulnerability
Published December 18, 2024
Corrected CVE title and Vulnerability Family to specify System Center as the affected product line. Corrected Fixed Build Numbers and Download links in the Security Updates table. Added FAQs explaining which customers are affected and the mitigation actions required. This is an informational change only.
CVE-2024-49147 Microsoft Update Catalog Elevation of Privilege Vulnerability
Published December 12, 2024
Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.
Chromium: CVE-2024-12381 Type Confusion in V8
Published December 12, 2024
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
Chromium: CVE-2024-12382 Use after free in Translate
Published December 12, 2024
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
