Autor: Peter Leibling

Ein lokaler Angreifer kann eine Schwachstelle in Fortinet FortiOS, Fortinet FortiProxy und Fortinet FortiSwitch ausnutzen, um Dateien zu manipulieren.

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.

Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Management Services allows an authorized attacker to elevate privileges locally.

Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.