ZDI-CAN-28157
LOW 3.5
Overdue
Dec 18, 2025
Microsoft
Microsoft has patched a low-severity information disclosure vulnerability (CVSS 3.5). Exploitation requires adjacent network access and user interaction but no authentication, and it allows only limited confidentiality impact. The vulnerability cannot be exploited from beyond the adjacent network and has no integrity or availability impact, making it a relatively contained risk. Security teams should monitor for this advisory's official patch release and treat it as a low-priority update unless it affects critical systems handling sensitive data.
Advisory Details
Researcher
Discovered by: RootVector
Reported: December 18, 2025
Deadline: April 17, 2026 (3d overdue)
CVSS Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N