Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. A user would need to be tricked into opening a folder that contains a specially crafted file.

The vulnerability relates to the use of Windows .URL files to execute a remote binary via a UNC path. When the targeted user opens or previews the .URL file (for example, from an email), the system attempts to access the specified path (for example, a WebDAV or SMB share), resulting in the execution of arbitrary code. Depending on the email client used, the vulnerability could be exploited as zero-click by simply displaying the attachment in the preview window or by clicking on it, or it could be blocked based on the target system's policies.

A vulnerability in the Microsoft Management Console (MMC) allows remote code execution via social engineering. The attack uses malicious HTML content in .msc file via an embedded ActiveX, exploiting the rendering of Windows' internal Internet Explorer. This update removes the one-link tag

A vulnerability in the Microsoft Management Console (MMC) allows remote code execution via social engineering. The attack uses malicious HTML content in .msc file via an embedded ActiveX, exploiting the rendering of Windows' internal Internet Explorer.

External control of file name or path in Windows NTLMv2 allows an unauthorized attacker to perform spoofing over a network.

The vulnerability exploits Office URI schemes to redirect HTTP requests to UNC paths using redirection. This enables attackers to bypass URI restrictions and capture NTLMv2 hashes.