Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally.

Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.

Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally.

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally.