Autor: Peter Leibling

Use after free in Xbox allows an authorized attacker to elevate privileges locally.

Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network.

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.

Access of resource using incompatible type (‚type confusion‘) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Access of resource using incompatible type (‚type confusion‘) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.