Bill Demirkapi

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 150.0.3 **Description** A use-after-free issue exists in the JavaScript: WebAssembly component. Use-after-free is a memory corruption flaw that occurs when an application continues to use a pointer after it has been freed. **Recommendations** Update to version 150.0.3.

Name of the Vulnerable Software and Affected Versions: Windows BitLocker (affected versions not specified) Description: The issue is related to a security feature bypass vulnerability in the BitLocker data protection function of Windows operating systems. This vulnerability can be exploited by an attacker with physical access to bypass existing security restrictions and gain access to encrypted data. Microsoft has disabled a fix for this issue due to firmware incompatibility problems that caused devices to enter BitLocker recovery mode. As a result, customers are advised to apply manual mitigations. Recommendations: To mitigate this issue, apply the manual mitigations advised by Microsoft, which require restarting the impacted device eight times. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** .NET Framework (affected versions not specified) **Description** The issue is related to errors in the representation of information by the user interface, which can be exploited by a remote attacker to conduct spoofing attacks. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Visual Studio Tools for Office Runtime (affected versions not specified) **Description** The issue is related to errors in the representation of information by the user interface. Exploitation of this issue may allow a remote attacker to conduct spoofing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mono (affected versions not specified) **Description** The issue is related to errors in presenting information to the user interface when loading the Mono.Security.dll library. It may allow a remote attacker to conduct spoofing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows (affected versions not specified) **Description** The issue is related to a security feature bypass vulnerability in Microsoft Windows SmartScreen. This vulnerability can be exploited by an attacker to bypass security restrictions by loading specially crafted malicious files. The vulnerability is associated with errors in security settings. There have been real-world incidents where this issue was exploited, including its use by Magniber ransomware actors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Support Diagnostic Tool (MSDT) (affected versions not specified) **Description** The issue is related to insufficient input validation in the Microsoft Windows Support Diagnostic Tool (MSDT). This allows an attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell SupportAssist Client versions prior to 3.2.0.90 **Description** The issue allows an unauthenticated attacker, sharing the network access layer with the vulnerable system, to compromise the system by tricking a victim user into downloading and executing arbitrary executables via the SupportAssist client from attacker-hosted sites. This vulnerability affects over 30 million devices, including 128 models of Dell desktops and laptops. Two of the vulnerabilities were fixed by Dell on the server side, while the other two require a client-side update. **Recommendations** For Dell SupportAssist Client versions prior to 3.2.0.90, update to version 3.2.0.90 or later to resolve the issue. As a temporary workaround, consider disabling the BIOSConnect service to minimize the risk of exploitation.