Source: Microsoft Security Response Center
Time-of-check time-of-use (TOCTOU) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.
Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.
Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.
Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack.
**What is the version information for this release?**

| Microsoft Edge Version | Date Released | Based on Chromium Version |
| --- | --- | --- |
| 143.0.3650.139 | 01/08/2026 | 143.0.7499.192/.193 |

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and integrity (I:N), but could lead to some loss of availability (A:L). What does that mean for this vulnerability?** An attacker using either a specially crafted page or a content script injected into a target page can show an extension's popup over a permission prompt or screen share dialog, allowing the extension to spoof the parts of the prompt's UI that show its origin.
**What is the version information for this release?**

| Microsoft Edge Version | Date Released | Based on Chromium Version |
| --- | --- | --- |
| 143.0.3650.96 | 12/18/2025 | 143.0.7499.146/.147 |
