Latest News

Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network.

Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

Out-of-bounds read in Windows Transport Security Layer (TLS) allows an unauthorized attacker to deny service over a network.

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

**How could an attacker exploit this vulnerability?** In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attackers server with the vulnerable Remote Desktop Client.