#Security Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could execute code in the security context of the “NT AUTHORITY\\Network Service” account.

Use after free in Windows Resilient File System (ReFS) Deduplication Service allows an unauthorized attacker to elevate privileges locally.

Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.

Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.

Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.