External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally.

Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.

Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally.

Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally.

Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally.

Use after free in RPC Runtime allows an authorized attacker to execute code over a network.

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally.