Microsoft

Microsoft has disclosed a low-severity local information disclosure vulnerability (CVSS 3.3) that requires user interaction to exploit but no authentication. The vulnerability can only be accessed by an attacker with local machine access and results in limited confidentiality impact with no ability to modify or disable systems. Security teams should monitor for this advisory's patch release by the June 30, 2026 deadline and prioritize it accordingly given its low severity rating, though local access requirements significantly limit real-world exploitability.