This module exploits a design flaw in Microsoft Windows. The NTLM reflection attack in local authentication allows a local attacker to write arbitrary files and get SYSTEM privileges.
This module verifies the Mark Of The Web Vulnerability.
Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files, which evade warnings on attempts to execute packaged files, even if ZIP file was downloaded from the Internet.
Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files, which evade warnings on attempts to execute packaged files, even if ZIP file was downloaded from the Internet.
Windows Backup Service allows an unprivileged user to delete files.
This Update removes the Early Release Tag, change the default file to be deleted and make a backup of the file before deleting it.
This Update removes the Early Release Tag, change the default file to be deleted and make a backup of the file before deleting it.
Windows Backup Service allows an unprivileged user to delete files.
A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This module allows to create a user with root privileges.
The LenovoDiagnosticsDriver.sys driver in the HardwareScanPlugin of Lenovo Vantage before 1.3.0.5 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, via a function call such as MmMapIoSpace.
The cause of the vulnerability is due to the lack of a strict bounds check for the SignaturesOffset field in the Base Block for the base log file (BLF) in CLFS.sys.
Vulnerability is in code responsible for ClipboardChange event that can be reached through RPC. Local users can send data to RPC server which will then be written in Sysmon directory.
This vulnerability allows an Arbitrary File Deletion in any protected folder.
Used in conjunction with other vulnerability that allows Arbitrary File Writing, an attacker could escalate from unprivileged user to SYSTEM.
Used in conjunction with other vulnerability that allows Arbitrary File Writing, an attacker could escalate from unprivileged user to SYSTEM.
A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.