| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| <p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p>
<p>An authenticated attacker could exploit this vulnerability by running a specially crafted application.</p>
<p>The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.</p>
|
| <p>An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory.</p>
<p>To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p>
<p>The security update addresses the vulnerability by correcting how DHCP servers initializes memory.</p>
|
| <p>An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>
<p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.</p>
<p>The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.</p>
|
| <p>An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine.</p>
<p>To exploit this vulnerability, an attacker would need to launch a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine. An attacker could then create a group policy to grant administrator rights to a standard user.</p>
<p>The security update addresses the vulnerability by enforcing Kerberos authentication for certain calls over LDAP.</p>
|
| Microsoft Windows Security Feature Bypass Vulnerability |
| Microsoft Defender for Endpoint Security Feature Bypass Vulnerability |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Windows Update Stack Elevation of Privilege Vulnerability |
| Windows Update Orchestrator Service Elevation of Privilege Vulnerability |
| Windows USO Core Worker Elevation of Privilege Vulnerability |
| Windows Update Orchestrator Service Elevation of Privilege Vulnerability |
| Windows Update Orchestrator Service Elevation of Privilege Vulnerability |
| Windows Delivery Optimization Information Disclosure Vulnerability |
| Windows Update Medic Service Elevation of Privilege Vulnerability |
| Windows NDIS Information Disclosure Vulnerability |
| Windows GDI+ Remote Code Execution Vulnerability |
| Windows Win32k Elevation of Privilege Vulnerability |
| Windows Network File System Information Disclosure Vulnerability |
| Windows Remote Access Elevation of Privilege Vulnerability |
| Windows Network File System Remote Code Execution Vulnerability |
