Autor: Peter Leibling

Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Improper neutralization of special elements used in a command (‚command injection‘) in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.

Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network.