Microsoft Security Response Center

**What is the attack vector for this vulnerability?** An attacker can write to any file where the webserver user (nt authority\\network service) has write access.

**What privileges does the attacker gain?** An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.

*What data can be disclosed by this vulnerability?* This vulnerability allows disclosing user data redirected to the profile or Office container via FSLogix Cloud cache. This data can include user profile settings and files.

*What type of information could be disclosed by this vulnerability?* The type of information that could be disclosed if an attacker successfully exploited this vulnerability is read access to Windows RDP client passwords by RDP server administrators.

*What type of information could be disclosed by this vulnerability?* The type of information that could be disclosed if an attacker successfully exploited this vulnerability is read access to Windows RDP client passwords by RDP server administrators.

*How could an attacker exploit this vulnerability?* An authorized attacker could exploit this Windows COM vulnerability by sending from a user mode application specially crafted malicious COM traffic directed at the COM Server, which might lead to remote code execution.

*What privileges does the attacker gain?* An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.

*What privileges does the attacker gain?* An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.

*What privileges does the attacker gain?* An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.

*Where can I find more information about the improved authentication process added by the update for CVE-2021-42287?* See Authentication updates.