Kategorie: Allgemein

External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.

Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.

Improper neutralization of special elements used in an sql command (’sql injection‘) in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally.

Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Concurrent execution using shared resource with improper synchronization (‚race condition‘) in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.

Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.