This module exploits a design flaw in Microsoft Windows. The NTLM reflection attack in local authentication allows a local attacker to write arbitrary files and get SYSTEM privileges.

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

This module verifies the Mark Of The Web Vulnerability.



Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files, which evade warnings on attempts to execute packaged files, even if ZIP file was downloaded from the Internet.

Windows Backup Service allows an unprivileged user to delete files.



This Update removes the Early Release Tag, change the default file to be deleted and make a backup of the file before deleting it.

Windows Backup Service allows an unprivileged user to delete files.

This update exploits a deserialization vulnerability in SerializationTypeConverter when converting powershell remoting objects to execute OS commands as SYSTEM.

The LenovoDiagnosticsDriver.sys driver in the HardwareScanPlugin of Lenovo Vantage before 1.3.0.5 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, via a function call such as MmMapIoSpace.

The cause of the vulnerability is due to the lack of a strict bounds check for the SignaturesOffset field in the Base Block for the base log file (BLF) in CLFS.sys.

Vulnerability is in code responsible for ClipboardChange event that can be reached through RPC. Local users can send data to RPC server which will then be written in Sysmon directory.