Anatoliy Glagolev

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Server 2008 R2 and R2 SP1 Microsoft Windows 7 Gold and SP1 **Description** The issue is caused by a double free vulnerability in the Windows TCP/IP stack, specifically when handling the binding of IPv6 addresses to a local interface. This allows local users to gain privileges via a crafted application. The vulnerability affects Windows 7 and Windows Server 2008 R2. **Recommendations** For Microsoft Windows Server 2008 R2 and R2 SP1, update to a version that properly handles IPv6 address binding to prevent privilege escalation. For Microsoft Windows 7 Gold and SP1, update to a version that properly handles IPv6 address binding to prevent privilege escalation. As a temporary workaround, consider restricting access to the tcpip.sys module to minimize the risk of exploitation.