Opinions, tips, and news orbiting Microsoft
Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-32087 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network. Continue reading CVE-2026-33120 Microsoft SQL Server Remote Code Execution Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally. Continue reading CVE-2026-32085 Remote Procedure Call Information Disclosure Vulnerability
Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-33098 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows SSDP Service allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-32083 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Continue reading CVE-2026-33095 Microsoft Word Remote Code Execution Vulnerability
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows SSDP Service allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-32082 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-32224 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability