Nicolas Joly

**Name of the Vulnerable Software and Affected Versions** Microsoft Bing (affected versions not specified) **Description** The issue is related to missing authentication for a critical function in Microsoft Bing, allowing an unauthorized attacker to execute code over a network. This is due to inadequate authentication mechanisms in a critical Bing service component. The estimated number of potentially affected devices worldwide is not provided. There is information about real-world incidents where this issue was exploited, as it is mentioned that the vulnerability was actively exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. However, it is mentioned that Microsoft has addressed the critical security flaw, and there is no action for users of this service to take, as the vulnerability has already been fully mitigated by Microsoft.

**Name of the Vulnerable Software and Affected Versions** Microsoft Teams (affected versions not specified) **Description** The issue is related to insufficient input validation in Microsoft Teams, allowing a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Teams (affected versions not specified) **Description** The issue is related to insufficient input validation in Microsoft Teams, allowing a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft SQL Server (affected versions not specified) **Description** The issue is related to insufficient input validation in the database management system, which can be exploited to execute arbitrary code. This allows an attacker to potentially affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange Server (affected versions not specified) **Description** The issue is related to a lack of protection for service data in Microsoft Exchange Server, which can be exploited to disclose protected information. This can allow an attacker to obtain sensitive information and potentially affect the system. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** kube-apiserver (affected versions not specified) **Description** A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange Server (affected versions not specified) **Description** The issue is related to insufficient input validation in Microsoft Exchange Server, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows DNS Server (affected versions not specified) Description: The issue is related to errors in processing input data in the Windows DNS server service, which can be exploited by a remote attacker to execute arbitrary code. This can affect the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows DNS Server (affected versions not specified) Description: The issue is related to errors in processing input data in the Windows DNS Server service. It allows remote attackers to execute arbitrary code and affect the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows DNS Server (affected versions not specified) **Description** The issue is related to insufficient input validation in the Windows DNS Server service, which can be exploited by a remote attacker to cause a denial of service. This can also allow remote attackers to execute arbitrary code and affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 for Finance and Operations version 10.0.11 Description: The issue is related to errors in input data processing, which can allow a remote attacker to execute arbitrary code. An authenticated attacker with privileges to import and export data could exploit this by sending a specially crafted file to a vulnerable server. The vulnerability is addressed by correcting how the software handles user input. Recommendations: For version 10.0.11, apply the security update that corrects how Microsoft Dynamics 365 for Finance and Operations handles user input. As a temporary workaround, consider restricting access to import and export data functionalities to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is related to improper memory object handling, which can be exploited by a remote attacker using a specially crafted web page. This could lead to memory corruption, allowing the attacker to execute arbitrary code in the context of the current user. If the current user has administrative rights, the attacker could gain control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Git versions prior to 2.24.1 Git versions prior to 2.23.1 Git versions prior to 2.22.2 Git versions prior to 2.21.1 Git versions prior to 2.20.2 Git versions prior to 2.19.3 Git versions prior to 2.18.2 Git versions prior to 2.17.3 Git versions prior to 2.16.6 Git versions prior to 2.15.4 Git versions prior to 2.14.6 **Description** The issue is caused by too-lax validation of submodule names in Git, allowing very targeted attacks via remote code execution in recursive clones. This vulnerability may allow a remote attacker to gain unauthorized access to confidential data, cause a denial of service, and impact data integrity. **Recommendations** For versions prior to 2.24.1, update to version 2.24.1 or later. For versions prior to 2.23.1, update to version 2.23.1 or later. For versions prior to 2.22.2, update to version 2.22.2 or later. For versions prior to 2.21.1, update to version 2.21.1 or later. For versions prior to 2.20.2, update to version 2.20.2 or later. For versions prior to 2.19.3, update to version 2.19.3 or later. For versions prior to 2.18.2, update to version 2.18.2 or later. For versions prior to 2.17.3, update to version 2.17.3 or later. For versions prior to 2.16.6, update to version 2.16.6 or later. For versions prior to 2.15.4, update to version 2.15.4 or later. For versions prior to 2.14.6, update to version 2.14.6 or later.

**Name of the Vulnerable Software and Affected Versions** Git (affected versions not specified) **Description** The issue is related to a component that handles NTFS Alternate Data Streams in the distributed version control system Git. It is caused by an insufficient input validation mechanism. Exploitation of this issue could allow a remote attacker to gain unauthorized access to confidential data, cause a denial of service, and impact data integrity. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Visual Studio (affected versions not specified) **Description** The issue is related to insufficient input validation in Microsoft Visual Studio, a software development tool. This can be exploited by a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Visual Studio (affected versions not specified) **Description** The issue is related to insufficient input validation in Microsoft Visual Studio, allowing a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Git versions prior to 2.24.1 Git versions prior to 2.23.1 Git versions prior to 2.22.2 Git versions prior to 2.21.1 Git versions prior to 2.20.2 Git versions prior to 2.19.3 Git versions prior to 2.18.2 Git versions prior to 2.17.3 Git versions prior to 2.16.6 Git versions prior to 2.15.4 Git versions prior to 2.14.6 **Description** An issue was found in Git when running in the Windows Subsystem for Linux (WSL) while accessing a working directory on a regular Windows drive, where none of the NTFS protections were active. The vulnerability is related to a lack of security mechanism in the Git component, which can allow a remote attacker to gain unauthorized access to confidential data, cause a denial of service, and impact data integrity. **Recommendations** For Git versions prior to 2.24.1, update to version 2.24.1 or later. For Git versions prior to 2.23.1, update to version 2.23.1 or later. For Git versions prior to 2.22.2, update to version 2.22.2 or later. For Git versions prior to 2.21.1, update to version 2.21.1 or later. For Git versions prior to 2.20.2, update to version 2.20.2 or later. For Git versions prior to 2.19.3, update to version 2.19.3 or later. For Git versions prior to 2.18.2, update to version 2.18.2 or later. For Git versions prior to 2.17.3, update to version 2.17.3 or later. For Git versions prior to 2.16.6, update to version 2.16.6 or later. For Git versions prior to 2.15.4, update to version 2.15.4 or later. For Git versions prior to 2.14.6, update to version 2.14.6 or later.

**Name of the Vulnerable Software and Affected Versions** Git (affected versions not specified) **Description** The vulnerability in the recursive submodule cloning component of the distributed version control system Git is related to an insufficient input validation mechanism. Exploitation of this issue may allow a remote attacker to gain unauthorized access to confidential data, cause a denial of service, and impact data integrity. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange Server (affected versions not specified) **Description** A denial of service issue exists due to improper handling of objects in memory. This can be exploited by a remote attacker by sending a specially crafted email, potentially causing a denial of service against the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server (affected versions not specified) Description: A remote code execution issue exists due to improper handling of objects in memory. This could allow a remote attacker to execute arbitrary code in the context of the System user by sending a specially crafted email message. An attacker who successfully exploits this issue could install programs, view, change, or delete data, or create new accounts. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.