Autor: Peter Leibling

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Server Update Service allows an authorized attacker to elevate privileges locally.

Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

Double free in Windows Shell allows an authorized attacker to elevate privileges locally.

The vulnerability assigned to this CVE could lead to corruption of guest encrypted memory. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for…
Weiterlesen

Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.