Autor: Peter Leibling

Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Kernel allows an authorized attacker to elevate privileges locally.

Improper link resolution before file access (‚link following‘) in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.

Improper neutralization of special elements used in a command (‚command injection‘) in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network.

Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.

Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Improper neutralization of input during web page generation (‚cross-site scripting‘) in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally.