22103 matches found
Microsoft Office Defense in Depth Update
Microsoft has released an update for Microsoft Office that provides enhanced security as a defense-in-depth measure. The update disables the Dynamic Data Exchange protocol DDE in all supported editions of Microsoft Word. Microsoft is continuing to investigate this issue and will update this...
Microsoft Teams Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network...
Microsoft Teams for iOS Spoofing Vulnerability
...
Microsoft SharePoint Server Security Feature Bypass Vulnerability
...
Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability
...
Windows SmartScreen Security Feature Bypass Vulnerability
...
Windows SMB Witness Service Elevation of Privilege Vulnerability
...
Chromium: CVE-2021-30554 Use after free in WebGL
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Microsoft is aware of reports that exploits for CVE-2021-30554 exist in the wild...
Windows Now Playing Session Manager Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way the Windows Now Playing Session Manager handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. ...
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
...
Windows Media Remote Code Execution Vulnerability
...
GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default
...
Microsoft Exchange Server Spoofing Vulnerability
...
.NET Framework Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or...
Windows App Installer Spoofing Vulnerability
...
Windows Kernel Elevation of Privilege Vulnerability
...
Windows Graphics Component Remote Code Execution Vulnerability
...
Microsoft Secure Boot Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in secure boot. An attacker who successfully exploited the vulnerability can bypass secure boot and load untrusted software. To exploit the vulnerability, an attacker could run a specially crafted application. The security update addresses the...
Azure DevOps Server Remote Code Execution Vulnerability
...
Windows Kernel Elevation of Privilege Vulnerability
...
Windows DNS Server Remote Code Execution Vulnerability
...
Microsoft splwow64 Elevation of Privilege Vulnerability
...
Microsoft Edge (Chromium-based) Spoofing Vulnerability
...
Chromium: CVE-2024-9962 Inappropriate implementation in Permissions
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
3D Viewer Remote Code Execution Vulnerability
...
GitHub: CVE-2022-41953 Git GUI Clone Remote Code Execution Vulnerability
...
Microsoft Office Remote Code Execution Vulnerability
...
Active Directory Certificate Services Elevation of Privilege Vulnerability
...
Visual Studio Remote Code Execution Vulnerability
...
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
...
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
...
Chromium: CVE-2021-30561 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible...
Microsoft SQL OLE DB Remote Code Execution Vulnerability
...
Windows Enterprise App Management Service Remote Code Execution Vulnerability
...
Windows Print Spooler Elevation of Privilege Vulnerability
...
Chromium: CVE-2022-0797 Out of bounds memory access in Mojo
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
...
Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilities
Executive Summary On May 14, 2019, Intel published information about a new subclass of speculative execution side channel vulnerabilities known as Microarchitectural Data Sampling. An attacker who successfully exploited these vulnerabilities may be able to read privileged data across trust...
Windows Installer Elevation of Privilege Vulnerability
...
3D Viewer Remote Code Execution Vulnerability
...
.NET Denial of Service Vulnerability
...
Windows Setup Files Cleanup Remote Code Execution Vulnerability
...
Windows Overlay Filter Elevation of Privilege Vulnerability
...
Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update)
...
Microsoft SharePoint Server Remote Code Execution Vulnerability
...
Chromium CVE-2021-21149: Stack overflow in Data Transfer
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network...
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
...
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
...