Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.
Access of resource using incompatible type ('type confusion') in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.