R4Nger

**Name of the Vulnerable Software and Affected Versions** versions prior to 2026-21219 **Description** A use after free issue exists in Inbox COM Objects. This allows an unauthorized attacker to execute code locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified) Description: A flaw exists in the Windows UI XAML Maps MapControlSettings component due to improper synchronization during concurrent execution using a shared resource, leading to a race condition. This issue allows a locally authenticated attacker to gain elevated privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified) Description: A use-after-free issue exists in the Windows UI XAML Phone DatePickerFlyout component. This flaw allows a locally authorized attacker to elevate privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified) Description: Missing authentication for a critical function within the Windows StateRepository API can allow a local attacker to elevate privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows versions (affected versions not specified) Description: An issue exists in Windows Push Notifications related to access of a resource using an incompatible type, also known as a 'type confusion'. This can allow an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Workspace Broker (affected versions not specified) Description: The issue is related to concurrent execution using a shared resource with improper synchronization, also known as a 'race condition', in Workspace Broker. This allows an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Universal Print Management Service (affected versions not specified) Description: The issue concerns a use after free condition in the Universal Print Management Service, allowing an authorized attacker to elevate privileges locally. This means an attacker with initial access could potentially gain higher levels of access to the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Input Method Editor (IME) (affected versions not specified) Description: The issue is related to a use after free condition in the Microsoft Input Method Editor (IME), which allows an authorized attacker to elevate privileges locally. This means an attacker with local access can potentially exploit this condition to gain higher privileges on the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Notification (affected versions not specified) Description: The issue is related to a use after free condition in Windows Notification, allowing an authorized attacker to locally elevate privileges. This can potentially be exploited by an attacker with authorized access to the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Notification (affected versions not specified) Description: The issue is related to a use after free condition in Windows Notification, allowing an authorized attacker to elevate privileges locally. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified) Description: The issue concerns missing authorization in the Windows StateRepository API, allowing an authorized attacker to perform local tampering. This means that an attacker with certain privileges can manipulate the system locally due to the lack of proper authorization checks in the API. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Input Method Editor (IME) (affected versions not specified) Description: The issue is related to an out-of-bounds read in the Microsoft Input Method Editor (IME), which allows an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Deployment Services (affected versions not specified) Description: The issue is related to uncontrolled resource consumption in Windows Deployment Services, allowing an unauthorized attacker to deny service locally. This is a denial-of-service vulnerability that can affect the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Agent Installer (affected versions not specified) **Description** The issue is related to improper privilege management in the Azure Agent Installer, which allows an authorized attacker to elevate privileges locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft System Center Operations Manager (SCOM) (affected versions not specified) Description: The issue is related to insufficient access control in Microsoft System Center Operations Manager (SCOM), which can be exploited to elevate privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Network Watcher VM Agent (affected versions not specified) **Description** The issue concerns an elevation of privilege vulnerability. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Azure Network Watcher VM Extension versions (affected versions not specified) Description: The issue is related to an elevation of privilege vulnerability in the Azure Network Watcher VM Extension for Windows, caused by incorrect linking before accessing a file. Exploitation of this issue may allow an attacker to elevate their privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Monitor Agent (affected versions not specified) **Description** The issue is related to an incorrect reference count before accessing a file, which can be exploited to elevate privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Monitor Agent (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability in the Azure Monitor Agent, which is used for data collection from virtual machines (VM) and physical servers. The vulnerability is caused by an incorrect reference definition before accessing a file. Exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Monitor Agent (affected versions not specified) **Description** The issue is related to an incorrect reference count before accessing a file, which can be exploited to elevate privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.