TheWindowsUpdate.com

Access of resource using incompatible type (‘type confusion’) in Microsoft Office allows an unauthorized attacker to execute code locally. Continue reading CVE-2026-45456 Microsoft Outlook and Word Remote Code Execution Vulnerability→

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. Continue reading CVE-2026-42971 Windows Push Notification Information Disclosure Vulnerability→

Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-33828 Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability→

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. Continue reading CVE-2026-44821 Microsoft Office Information Disclosure Vulnerability→

Improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. Continue reading CVE-2026-45468 Microsoft SharePoint Server Spoofing Vulnerability→

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally. Continue reading CVE-2026-42906 Windows Shell Information Disclosure Vulnerability→

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. Continue reading CVE-2026-45460 Microsoft Office Information Disclosure Vulnerability→

Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network. Continue reading CVE-2026-42904 Windows TCP/IP Elevation of Privilege Vulnerability→