Vulnerabilities > Microsoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-12 | CVE-2020-0690 | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 9.8 |
| 2020-01-14 | CVE-2020-0654 | Unspecified vulnerability in Microsoft Onedrive A security feature bypass vulnerability exists in Microsoft OneDrive App for Android.This could allow an attacker to bypass the passcode or fingerprint requirements of the App.The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for Android handles sharing links., aka 'Microsoft OneDrive for Android Security Feature Bypass Vulnerability'. | 9.1 |
| 2020-01-14 | CVE-2020-0646 | XML Injection (aka Blind XPath Injection) vulnerability in Microsoft .Net Framework A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'. | 9.8 |
| 2020-01-14 | CVE-2020-0610 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. | 9.8 |
| 2020-01-14 | CVE-2020-0609 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. | 9.8 |
| 2019-11-12 | CVE-2019-1449 | Unspecified vulnerability in Microsoft Office and Office 365 Proplus A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office ClickToRun Security Feature Bypass Vulnerability'. | 9.8 |
| 2019-11-12 | CVE-2019-1384 | Insufficiently Protected Credentials vulnerability in Microsoft products A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'. | 9.9 |
| 2019-11-12 | CVE-2019-1373 | Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019 A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. | 9.8 |
| 2019-11-12 | CVE-2019-0721 | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. | 9.1 |
| 2019-11-12 | CVE-2019-0719 | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. | 9.1 |