Opinions, tips, and news orbiting Microsoft
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network. Continue reading CVE-2026-45635 Windows UPnP Device Host Remote Code Execution Vulnerability
Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally. Continue reading CVE-2026-45656 UEFI Secure Boot Security Feature Bypass Vulnerability
Updated an acknowledgement. This is an informational change only. Continue reading CVE-2026-45597 Windows UI Automation Manager (uiamanager.dll) Elevation of Privilege Vulnerability
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. Continue reading CVE-2026-45655 Windows BitLocker Security Feature Bypass Vulnerability
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. Continue reading CVE-2026-44801 Remote Desktop Client Remote Code Execution Vulnerability
User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network. Continue reading CVE-2026-45650 Microsoft Bing Search Spoofing Vulnerability
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-42977 Windows Push Notifications Elevation of Privilege Vulnerability
Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally. Continue reading CVE-2026-45649 Office for Android Spoofing Vulnerability