#Security Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to manipulate system operations in a specific manner.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires an authenticated client to click a link in order for an unauthenticated attacker to initiate remote code execution.

**According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability??** An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS).

**According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability??** An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS).

**According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.

**According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability??** An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS).

**Are there any additional steps that I need to follow to be protected from this vulnerability?** The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy.

**How could an attacker exploit this vulnerability?** An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.