Multiple vulnerabilities in the Security Service of Cisco AnyConnect Posture for Windows could allow an authenticated local attacker, to execute arbitrary commands with SYSTEM user privileges.
SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file.
This update improves the reliability on Windows Server 2008 Enterprise Edition SP2 - x86-64.
An elevation of privilege vulnerability exists when Microsoft Windows CloudExperienceHost fails to check COM objects.
The specific flaw exists within the user-mode printer driver host process splwow64.exe. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to escalate privileges from low integrity and execute code in the context of the current user at medium integrity.
An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
This update adds support for Windows Server 2008 Enterprise Edition SP2 - x86-64.
The driver in EVGA Precision X1 (aka WinRing0x64.sys) allows any user to read and write to arbitrary memory.
An elevation of privilege vulnerability exists in Windows when the DNS server fails to properly handle SIG responses. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0