A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka 'Remote Code Execution Vulnerability in Application Inspector'.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Office Security Feature Bypass Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to execute code over a network.
Missing authorization in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
Microsoft Power Platform Connector Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Office app Remote Code Execution Vulnerability
A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim. Combining these 2 vulnerabilities together, an attacker is able to upload malicious Power BI templates files to the server using the victim's session and run scripts in the security context of the user and perform privilege escalation in case the victim has admin privileges when the victim access one of the HTML files present in the malicious Power BI template uploaded. The security update addresses the vulnerability by helping to ensure that Power BI Report Server properly sanitize file uploads.
Visual Studio Denial of Service Vulnerability
Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Paint 3D Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability
Win32k Elevation of Privilege Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
Microsoft ActiveX Remote Code Execution Vulnerability
Microsoft SharePoint Server Denial of Service Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Microsoft Failover Cluster Information Disclosure Vulnerability
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Microsoft SQL OLE DB Remote Code Execution Vulnerability
Paint 3D Remote Code Execution Vulnerability