Windows App
Monthly
Windows App Installer fails to adequately authenticate package data, enabling network-based attackers to conduct spoofing attacks without user interaction. This vulnerability affects Windows and Windows App installations, potentially allowing threat actors to deceive users into installing malicious or tampered applications. While no patch is currently available, the low EPSS score suggests exploitation is unlikely in the near term.
Windows App for Mac is susceptible to privilege escalation through improper symbolic link resolution, enabling authenticated local attackers to bypass access controls and gain elevated privileges. The vulnerability stems from insufficient validation during file operations and requires low-level user privileges and specific system conditions to exploit. No patch is currently available.
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Windows App Installer fails to adequately authenticate package data, enabling network-based attackers to conduct spoofing attacks without user interaction. This vulnerability affects Windows and Windows App installations, potentially allowing threat actors to deceive users into installing malicious or tampered applications. While no patch is currently available, the low EPSS score suggests exploitation is unlikely in the near term.
Windows App for Mac is susceptible to privilege escalation through improper symbolic link resolution, enabling authenticated local attackers to bypass access controls and gain elevated privileges. The vulnerability stems from insufficient validation during file operations and requires low-level user privileges and specific system conditions to exploit. No patch is currently available.
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.