#Security Vulnerability

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

**How could an attacker exploit this vulnerability?** An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to elevation of privilege on the Bluetooth component.

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**Why is the CERT/CC the assigning CNA (CVE Numbering Authority)?** This CVE is regarding a vulnerability in a third party driver. CERT/CC created this CVE on behalf of the researcher who discovered the vulnerability.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

**Why is this GitHub CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

**Why is this GitHub CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

**Why is this GitHub CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in mingit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

**Why is the CERT/CC the assigning CNA (CVE Numbering Authority)?** This CVE is regarding a vulnerability in a third party driver. CERT/CC created this CVE on behalf of the researcher who discovered the vulnerability.