#Windows NTFS

Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

**Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?** The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability includes unauthorized access to the file system, specifically file path information.

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally.

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

**According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?** An attacker needs physical access to the target computer to plug in a malicious USB drive.

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.