| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. |
| Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally. |
| Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network. |
| Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent network. |
| Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. |
| External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network. |
| Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.
Fax modem hardware dependent on this specific driver will no longer work on Windows.
Microsoft recommends removing any existing dependencies on this hardware. |
| A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently delete necessary boot information. Successful exploitation may render the system unbootable, resulting in a Denial of Service that can only be resolved by replacing the affected hardware. |
| A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. |
| Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. |
| Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. |
| Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally. |
| Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally. |
| Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
| Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally. |
| Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally. |
