| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| <p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p>
<p>To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.</p>
<p>The security update addresses the vulnerability by ensuring the Windows Storage Services properly handle file operations.</p> |
| <p>An information disclosure vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system (low-integrity to medium-integrity).</p>
<p>This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted.</p>
<p>The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.</p> |
| <p>An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p>
<p>To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.</p>
<p>The security update addresses the vulnerability by ensuring the dnsrslvr.dll properly handles objects in memory.</p> |
| <p>An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>
<p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p>
<p>The security update addresses the vulnerability by correcting how NTFS checks access.</p> |
| <p>A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.</p>
<p>This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted.</p>
<p>The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls..</p> |
| <p>An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could modify the cryptographic catalog.</p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p>
<p>The security update addresses the vulnerability by addressing how the Windows Cryptographic Catalog Services handle objects in memory.</p> |
| <p>An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p>
<p>To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.</p>
<p>The security update addresses the vulnerability by ensuring the Windows Storage Services properly handle file operations.</p> |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. |
| Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally. |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. |
| External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network. |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. |
| Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally. |
| Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally. |
| Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally. |
| Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally. |
| Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally. |
