Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.

Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.

Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.

Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.

Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.

Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.