Microsoft Security Response Center

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** A user would need to join a malicious Microsoft Teams meeting set up by the attacker.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** A user would need to join a malicious Microsoft Teams meeting set up by the attacker.

**How could an attacker exploit this vulnerability?** An authenticated attacker who is on the same intranet as the Exchange server can achieve remote code execution via a PowerShell remoting session.

**What type of information could be disclosed by this vulnerability?** This vulnerability makes it possible to listen to any group or user with a specially crafted group/username. By exploiting this vulnerability, the attacker can now receive messages for group(s) that they are unauthorized to view.

**How could an attacker exploit this vulnerability?** To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

**Why is this AMD CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for more information: * AMD-SB-7005

**How could an attacker exploit this vulnerability?** An authenticated attacker who is on the same intranet as the Exchange server can achieve remote code execution via a PowerShell remoting session.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on install to be compromised by the attacker.

**Are the updates for the Microsoft Office for Mac currently available?** The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.