Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.

Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally.

Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.