#rce

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally.

**According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?** Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

**How can I tell if this issue affects me, and what steps should I take to stay protected?** If you have Azure Monitor Agent extension version 1.37.0 or below you are affected. To protect your device, please upgrade to version 1.37.1 and above.