#vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Capability Consent Manager (camsvc service) allows an unauthorized attacker to elevate privileges locally.

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

**According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability?** An attacker must trick the user into interacting with a spoofed WebAuthn prompt and entering their credentials.

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of certain kernel memory content.

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

**How could an attacker exploit this vulnerability?** An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.

Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.