#vulnerability

A vulnerability in Microsoft Exchange leaves over 29,000 servers vulnerable. Learn how this unpatched security hole could compromise…

**What type of information could be disclosed by this vulnerability?** System internal configuration could be disclosed by this vulnerability.

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** The attacker would gain the rights of the user that is running the affected application.

Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?** The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** A race condition is triggered when the admin begins administering from the host system and not a guest or nested guest.

Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.