#microsoft

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.

**According to the CVSS metrics, successful exploitation of this vulnerability does not impact confidentiality (C:N), or integrity (I:N), but has a high impact on availability (A:H). What does that mean for this vulnerability?** An attacker who successfully exploits this vulnerability cannot access or modify any sensitive user data but can cause user data to become unavailable.

**What privileges would an attacker gain by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could load a non-Microsoft DLL into an enclave, potentially leading to code execution within the context of the target enclave.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

**There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?** Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user must install and use a specially-crafted malicious application on their Android device.

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.