Autor: Peter Leibling

Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.

Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.

Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.