A critical use-after-free vulnerability in the Windows Ancillary Function Driver (afd.sys) allows attackers to escalate privileges. It stems from a race condition in the Registered I/O (RIO) extension for Windows sockets, between the functions AfdRioGetAndCacheBuffer() and AfdRioDereferenceBuffer().
Enhance identity management in exploits.
- Linked created identities in the Module Output: Added a reference to the created identity in the Module Output.
- Added Validated and Validated in properties to identities: Ensured that created identities include Validated=True and are associated with the target (Validated in) where they were verified.

The vulnerability uses Office URI schemes to redirect HTTP requests to UNC paths. This enables attackers to bypass URI restrictions and capture NTLMv2 hashes.
This issue allows unauthenticated users to execute arbitrary commands on the server due to a command injection vulnerability in the `cmd_realtime.php` file. The vulnerability arises when the `register_argc_argv` option of PHP is enabled, which is the default setting in many environments. The `$poller_id` used in command execution is sourced from `$_SERVER['argv']`, which can be manipulated through URLs when this option is enabled. This module exploits the vulnerability by sending a special request to `cmd_realtime.php` that sets `$_SERVER['argv']` to an OS command.
An elevation of privilege vulnerability exists due to the MS KS WOW Thunk kernel module allowing untrusted pointer dereference. The vulnerability could allow an attacker to run code with elevated privileges.
This update adds reliability improvements to check if the target is vulnerable.
An authentication bypass vulnerability in Progress OpenEdge allows unauthenticated remote attackers to authenticate in the target application as NT AUTHORITY/SYSTEM.
A vulnerability in Kernel Streaming (ks.sys driver) allows arbitrary IOCTL_KS_PROPERTY operations. A double fetch vulnerability in KspPropertyHandler can be used to gain system privileges.
CVE-2023-43208 stems from an insecure data deserialization process in Mirth Connect's use of the XStream library, which improperly processes untrusted XML payloads. This deserialization flaw enables us to exploit the system by sending crafted XML requests to execute code remotely on the server.
A chain of vulnerabilities in Arcserve Unified Data Protection allows unauthenticated remote attackers to execute system commands.