Autor: Peter Leibling

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Access of resource using incompatible type (‚type confusion‘) in Microsoft Office allows an unauthorized attacker to execute code locally.

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Device Association Service allows an authorized attacker to elevate privileges locally.

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.

Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.