The Windows Defender vulnerability, tracked as CVE-2024-49071, has a maximum severity rating of ‘critical’, but based on its CVSS score it’s a medium-severity issue. It could have led to information disclosure, specifically the exposure of file content. Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network. The vulnerability in Update Catalog, which provides a listing of updates that can be distributed over a corporate network, was a privilege escalation issue that had critical severity based on its CVSS score. The flaw is tracked as CVE-2024-49147.