Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.
Windows Themes Spoofing Vulnerability
Azure Stack Hub Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. In a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.
Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.
Microsoft Outlook Spoofing Vulnerability
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Microsoft Outlook Information Disclosure Vulnerability
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Outlook Spoofing Vulnerability
Microsoft OneNote Spoofing Vulnerability
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Microsoft Exchange Server Spoofing Vulnerability
Microsoft Exchange Server Spoofing Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network.
Remote Desktop Protocol Client Information Disclosure Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Teams Information Disclosure Vulnerability
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
Remote Desktop Protocol Client Information Disclosure Vulnerability
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
Windows Remote Assistance Information Disclosure Vulnerability
Microsoft Word Information Disclosure Vulnerability
Microsoft WordPad Information Disclosure Vulnerability
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Microsoft Accessibility Insights for Web Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.
Windows MSHTML Platform Spoofing Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Office Spoofing Vulnerability
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
Windows SMB Client Security Feature Bypass Vulnerability
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Windows Graphics Component Information Disclosure Vulnerability
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability