Microsoft » Windows 10 : Security Vulnerabilities, CVEs, CVSS score between 2 and 4.99

Windows Overlay Filter Information Disclosure Vulnerability

Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability

BitLocker Security Feature Bypass Vulnerability

Windows USB Serial Driver Information Disclosure Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Windows Event Logging Service Denial of Service Vulnerability

Windows Defender Credential Guard Information Disclosure Vulnerability

Windows Connected Devices Platform Service Information Disclosure Vulnerability

BitLocker Security Feature Bypass Vulnerability

Windows Hyper-V Security Feature Bypass Vulnerability

Media Foundation Information Disclosure Vulnerability

Windows Hyper-V Denial of Service Vulnerability

Windows Defender Credential Guard Security Feature Bypass Vulnerability

Windows Hyper-V Security Feature Bypass Vulnerability

Secure Boot Security Feature Bypass Vulnerability

Windows Kernel Information Disclosure Vulnerability

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability

Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability

Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

<p>An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.</p> <p>To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.</p>

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.

This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'.