Autor: Peter Leibling

Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

Use after free in Windows Win32K – ICOMP allows an authorized attacker to elevate privileges locally.

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows WalletService allows an unauthorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Management Services allows an authorized attacker to elevate privileges locally.

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Improper neutralization of input during web page generation (‚cross-site scripting‘) in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.