#vulnerability

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally.

Out-of-bounds read in TCG TPM2.0 allows an authorized attacker to disclose information locally.

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could gain administrator privileges.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** A user interacting with the file in multiple ways will cause the NTLM hash to be leaked. A few interactions which trigger this leak include: * Opening the parent folder in Explorer * Clicking the file (any mouse button) * Dragging the file * Deleting the file

**How could an attacker exploit this vulnerability?** A remote, unauthenticated attacker could send a crafted event that triggers unsafe object deserialization in a legacy serialization mechanism, resulting in remote code execution.

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.