#windows

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized stack memory.

Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.

**Is there more information that is available on Windows SDK?** Yes. Please see: Windows SDK - Windows app development which explains the Windows SDK and advises how to install and maintain the product.