Microsoft Security Response Center

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Heap-based buffer overflow in Microsoft Windows Codecs Library allows an authorized attacker to execute code locally.

Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.

**Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?** The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

Improper access control in Windows Defender Application Control (WDAC) allows an authorized attacker to bypass a security feature locally.

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.

Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally.

Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally.

**How could an attacker exploit this vulnerability?** An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow elevation of privilege to System.