Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.

Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network.

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.