Latest News

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally.

Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally.

Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

Deserialization of untrusted data in Microsoft Windows Codecs Library allows an unauthorized attacker to execute code locally.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.