Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.

Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.

Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.

Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.

Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally.

Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network.

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.

Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally.

Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.

Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.

Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally.

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.