Autor: Peter Leibling

Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally.

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.

Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally.

External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.

Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.

Improper neutralization of special elements used in an sql command (’sql injection‘) in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally.

Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.