The vulnerability has been dubbed PrintNightmare and is tracked as CVE-2021-34527. The flaw is due to the Windows Print Spooler service improperly performing privileged file operations. Microsoft says the flaw can be exploited by an authenticated user calling RpcAddPrinterDriverEx(). When exploited, an attacker gains SYSTEM privileges and can execute arbitrary code, install programs, view, change, or delete data or create new accounts with full user rights.

This update adds the ability to choose an external agent for the smb file share.

It adds more connexion methods and pivoting support.

It adds the ability to login using an identity.

It warns when the target can be patched or not to be vulnerable.

Deserialization vulnerability in Microsoft Exchange MeetingPollProposeOptionsPayload.GetRequests() method. This method can be triggered with an HTTP request and with a specially crafted XML payload it can lead to OS command execution within the context of the w3wp.exe process which has SYSTEM level privileges.



The XML payload is a .NET serialized object which contains the DataContractSerializer formatter and, it may contain the ObjectDataProvider chain from YSoSerial.NET; although other chains can be used. The payload needs to be crafted to be compatible with the way in which Exchange deserializes it.

A java unsafe reflection and a Server Side Request Forgery vulnerabilities present in ProxygenController class of VMware vCenter Server Virtual SAN Health Check plugin allows remote attackers to execute commands in the context of the vsphere-ui user account.

This update adds a drop-down menu in which users can select different scenarios with its corresponding "NON-PAGED POOL START ADDRESS" predefined.

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges.

A Local Privilege Escalation vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges.

HTTP.sys has a use-after-free vulnerability that allows a remote attacker to crash the vulnerable machine.

The Security Service of Cisco AnyConnect Posture (HostScan) for Windows incorrectly restricts access to internal IPC commands. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges by sending crafted IPC commands.

This module bypasses CVE-2021-1366 by abusing a Time-of-check Time-of-use (TOCTOU) Race Condition in the priv_file_copy command.



This update adds code to launch the exploit for CVE-2021-1366 if the detected version is vulnerable to it.

The vulnerability is an Use After Free Privilege Escalation in win32kbase and occurs in the DirectComposition::CInteractionTrackerBindingManagerMarshaler::SetBufferProperty function, which is the handler for the SetResourceBufferProperty command of a CInteractionTrackerBindingManagerMarshaler.