#Security Vulnerability

**How can I verify that the update is installed?** Customers wanting to ensure the client has been updated can run the MDE Client Analyzer on the device. When running the analyzer on a Windows device that does not have the security update, the analyzer will present a warning (ID 121035) indicating missing patch and directing to relevant online article. Additionally, if the update is installed, but the Anti-Spoofing capability is not in a stable state, the analyzer will present warning (ID 121036) indicating an issue and providing additional online guidance or callout to reach out to Microsoft support if issue persists.

External control of file name or path in .NET allows an authorized attacker to perform spoofing locally.

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to first prepare the target so that it uses Edge in Internet Explorer Mode.