Autor: Peter Leibling

Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.

Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.

Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

Am April-Patchday behandelt SAP Schwachstellen mit 19 Sicherheitsnotizen. Eine kritische erlaubt das Einschleusen von SQL-Befehlen.

Ein lokaler Angreifer kann eine Schwachstelle in QEMU ausnutzen, um Informationen offenzulegen, zu verändern oder einen Denial of Service zu verursachen.