Microsoft Security Response Center

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

Out-of-bounds read in Windows Transport Security Layer (TLS) allows an unauthorized attacker to deny service over a network.

Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network.

Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**