Autor: Peter Leibling

Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.

The vulnerability assigned to this CVE could lead to corruption of guest encrypted memory. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for…
Weiterlesen

Access of resource using incompatible type (‚type confusion‘) in Windows OLE allows an authorized attacker to elevate privileges locally.

Untrusted pointer dereference in Windows Win32K – ICOMP allows an authorized attacker to elevate privileges locally.

Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.

Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.

Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.

Double free in Windows Shell allows an authorized attacker to elevate privileges locally.

Improper neutralization of special elements used in an sql command (’sql injection‘) in SQL Server allows an authorized attacker to elevate privileges locally.

Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.