#microsoft

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.

Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

**How can I verify that the update is installed?** Customers wanting to ensure the client has been updated can run the MDE Client Analyzer on the device. When running the analyzer on a Windows device that does not have the security update, the analyzer will present a warning (ID 121035) indicating missing patch and directing to relevant online article. Additionally, if the update is installed, but the Anti-Spoofing capability is not in a stable state, the analyzer will present warning (ID 121036) indicating an issue and providing additional online guidance or callout to reach out to Microsoft support if issue persists.

A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. "These exploits have resulted in a collection of related user data from targets in Iraq," the Microsoft Threat Intelligence team said. "The targets of the attack are associated with the Kurdish

Optimizing your online productivity is more important than ever. Whether you’re a business owner, freelancer, or simply someone…

As AI-driven fraud becomes increasingly common, more people feel the need to verify every interaction they have online.

Varonis reveals attackers are using SEO poisoning to trick IT admins into downloading malware, alongside a critical root…