Microsoft Security Response Center

**What is the nature of the spoofing?** An attacker could appear as a trusted user when they should not be. This could cause a user to mistakenly trust a signed email message as if it came from a legitimate user.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**In what scenarios is my computer vulnerable?** For Windows 11 and Windows 10 the FAX service is not installed by default. For the vulnerability to be exploitable, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be running. Systems that do not have the Fax service running are not vulnerable. **How can I verify whether the Fax service is running?** 1. Hold the **Windows key** and press **R** on your keyboard. This will open the Run dialog. 2. Type _services.msc_ and press **Enter** to open the Services window. 3. Scroll through the list and locate the **Fax** service. * If the Fax service is not listed, Windows Fax and Scan is not enabled and the system is not vulnerable. * If the Fax service is listed but the status is not _Running_, then the system is not vulnerable at the time, but could be targeted if the service was started. The update should be installed as soon as possible or the Fax service should be removed if not needed.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.