Latest News

Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?** The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** A race condition is triggered when the admin begins administering from the host system and not a guest or nested guest.

Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.

**According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?** To successfully exploit this vulnerability, an attacker would need to have elevated access to certain attributes of the dMSA, specifically: * msds-groupMSAMembership: This attribute allows the user to utilize the dMSA. * msds-ManagedAccountPrecededByLink: The attacker needs write access to this attribute, which allows them to specify a user that the dMSA can act on behalf of.

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.