Windows Security

In the Security Updates table added Windows Server 2022, 23H2 Edition (Server Core installation) as it is affected by this vulnerability. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.View the full article

Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally.View the full article

Use after free in DNS Server allows an unauthorized attacker to execute code over a network.View the full article

Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.View the full article

Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.View the full article

Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.View the full article

Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.View the full article

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.View the full article

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.View the full article

Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.View the full article

Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.View the full article

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.View the full article

Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally.View the full article

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.View the full article

Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.View the full article

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.View the full article

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.View the full article

Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally.View the full article

Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.View the full article

Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.View the full article

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.View the full article

Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.View the full article

Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.View the full article

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.View the full article

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.View the full article