CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability

21 Mei 2026 om 16:00

Added a script to implement a mitigation and removed the manual mitigations. Please read the information to decide if you need to run the provided script.

CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node

Microsoft Security

21 Mei 2026 om 10:39

Information published.

CVE-2026-43970 Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame

Microsoft Security

21 Mei 2026 om 10:03

Information published.

CVE-2026-45736 ws: Uninitialized memory disclosure

Microsoft Security

21 Mei 2026 om 10:03

Information published.

CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection

Microsoft Security

21 Mei 2026 om 10:03

Information published.

CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service

Microsoft Security

21 Mei 2026 om 10:03

Information published.

CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options

Microsoft Security

21 Mei 2026 om 10:03

Information published.

CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations

Microsoft Security

21 Mei 2026 om 10:02

Information published.

CVE-2026-40622 Another 'ghost domain names' attack variant

Microsoft Security

21 Mei 2026 om 10:02

Information published.

CVE-2026-42534 Jostle logic bypass degrades resolution performance

Microsoft Security

21 Mei 2026 om 10:02

Information published.

CVE-2026-41292 Long list of incoming EDNS options degrades performance

Microsoft Security

21 Mei 2026 om 10:02

Information published.

CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation

Microsoft Security

21 Mei 2026 om 10:02

Information published.

CVE-2026-44608 Use after free and crash under special conditions in RPZ code

Microsoft Security

21 Mei 2026 om 10:02

Information published.

CVE-2026-42959 Crash during DNSSEC validation of malicious content

Microsoft Security

21 Mei 2026 om 10:02

Information published.

CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section

Microsoft Security

21 Mei 2026 om 10:02

Information published.

CVE-2026-32792 Packet of death with DNSCrypt

Microsoft Security

21 Mei 2026 om 10:02

Information published.

CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write

Microsoft Security

21 Mei 2026 om 10:02

Information published.

CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.

Microsoft Security

21 Mei 2026 om 10:01

Information published.

CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.

Microsoft Security

21 Mei 2026 om 10:01

Information published.

CVE-2026-46333 ptrace: slightly saner 'get_dumpable()' logic

Microsoft Security

21 Mei 2026 om 10:01

Information published.

CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy

Microsoft Security

21 Mei 2026 om 10:01

Information published.

CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution

Microsoft Security

21 Mei 2026 om 10:01

Information published.

CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()

Microsoft Security

21 Mei 2026 om 10:01

Information published.

CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure

Microsoft Security

21 Mei 2026 om 10:01

Information published.

CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls

Microsoft Security

21 Mei 2026 om 10:01

Information published.

CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability

Microsoft Security

20 Mei 2026 om 16:00

The security impact for this vulnerability has been revised from Critical to Important. In addition, the CVSS vector and FAQs were modified. This change does not affect the available security updates. Customers should continue to install the recommended updates to remain protected from this vulnerability.