This update improves the module to bypass UAC by adding support for Windows 11.
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
JNDI features used in configuration, log messages, and parameters present in Apache Log4j2 do not protect against attacker controlled LDAP and other JNDI related endpoints. This library, used by VMware Horizon Connection Server, allows unauthenticated attackers to execute system commands.
This update adds SSO domain name detection.
The vulnerability is a win32k window object type confusion leading to an OOB (out-of-bounds) write which can be used to create arbitrary memory read and write capabilities within the Windows kernel to achieve elevated privileges.
This module allow to set a short name 8.3 of a file when you don't have write privileges to the directory where the file is located.The vulnerability exists due to NtfsSetShortNameInfo does not properly impose security restrictions in NTFS Set Short Name, which leads to security restrictions bypass and privilege escalation.
An elevation of privilege vulnerability exists in Windows when the NTFS component fails to properly handle objects in memory.
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode, then install programs, view,
change, delete data or create new accounts with full user rights.
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode, then install programs, view,
change, delete data or create new accounts with full user rights.
A path traversal vulnerability in Grafana may allow an unauthenticated attacker to download system files through specially crafted HTTP resource requests.
JNDI features used in configuration, log messages, and parameters present in Apache Log4j2 do not protect against attacker controlled LDAP and other JNDI related endpoints. This library, used by VMware vCenter Server, allows unauthenticated attackers to execute system commands.
A deserialization vulnerability present in the TypedBinaryFormatter class allows authenticated remote attackers to execute arbitrary OS commands with SYSTEM user privileges.