Microsoft Security Response Center

**According to the CVSS metric, privileges required is high (PR:H). What privileges are required to exploit this vulnerability?** To successfully exploit the vulnerability, an attacker must be part of a specific user group.

Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to cause denial of service on the Hyper-V host environment.

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.