TheWindowsUpdate.com

Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-42910 Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability→

Improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network. Continue reading CVE-2026-45483 Microsoft Office Project Server Spoofing Vulnerability→

Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network. Continue reading CVE-2026-47284 Visual Studio Code Information Disclosure Vulnerability→

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Continue reading CVE-2026-44818 Microsoft Excel Remote Code Execution Vulnerability→

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. Continue reading CVE-2026-45658 Windows BitLocker Security Feature Bypass Vulnerability→

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2026-45504 Microsoft Exchange Server Elevation of Privilege Vulnerability→

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. Continue reading CVE-2026-45654 Secure Boot Security Feature Bypass Vulnerability→

Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-45640 Windows Bluetooth Port Driver Elevation of Privilege Vulnerability→