Microsoft Windows Bulletin Board

Windows Security

Active Members
  • Posts: 1215
  • Joined
  • Last visited: Never

Everything posted by Windows Security

  1. Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
  2. Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
  3. Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.
  4. Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
  5. Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
  6. Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
  7. Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
  8. Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
  9. Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
  10. Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
  11. Information published.
  12. The following updates have been made to CVE-2024-30098: 1. In the Security Updates table, added all supported versions of the following as they are affected by this vulnerability: Windows 11 24H2 and Windows Server 2025. 2. To comprehensively address this vulnerability, Microsoft has released March 2025 security updates for all affected versions of Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2022 23H2 Edition, Windows 10, and Windows 11. 3. Updated the "Are there any further actions I need to take to be protected from this vulnerability?" FAQ to state that starting with the April 2025, the fix will automatically generate an audit event in cases where the Cryptographic Service Provider (CSP) is being used with RSA keys. If you have not already enabled the fix using the DisableCapiOverrideForRSA setting, you should monitor your systems for any error events in the Windows system event log. See the FAQ section of this CVE for more information.
  13. Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
  14. External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
  15. Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
  16. Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.
  17. Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
  18. Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
  19. Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.
  20. Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally.
  21. Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
  22. Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
  23. Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
  24. Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.
  25. Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.