#windows

Heap-based buffer overflow in Microsoft Windows Codecs Library allows an authorized attacker to execute code locally.

**Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?** The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

Improper access control in Windows Defender Application Control (WDAC) allows an authorized attacker to bypass a security feature locally.

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.

Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally.

Uncontrolled resource consumption in Windows Kerberos allows an unauthorized attacker to deny service over a network.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**How could an attacker exploit this vulnerability?** An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.