#Security Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Use after free in Windows Resilient File System (ReFS) Deduplication Service allows an unauthorized attacker to elevate privileges locally.

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally.

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could gain administrator privileges.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to have a deep understanding of the system. Successful exploitation is not guaranteed and depends on a combination of factors that might include the environment, system configuration, and the presence of additional security measures.

Exposure of sensitive information to an unauthorized actor in Windows Kernel Memory allows an unauthorized attacker to disclose information locally.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.