Autor: Peter Leibling

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally.

Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally.

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.

Improper neutralization of special elements used in an sql command (’sql injection‘) in SQL Server allows an authorized attacker to elevate privileges over a network.

Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows DirectX allows an authorized attacker to deny service over a network.

Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.