Crispr

**Name of the Vulnerable Software and Affected Versions** Azure Portal Windows Admin Center (affected versions not specified) **Description** Improper link resolution before file access, also known as link following, allows an authorized attacker to elevate privileges locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Spring MVC (affected versions not specified) Spring WebFlux (affected versions not specified) **Description** Applications using Spring MVC or Spring WebFlux are susceptible to Denial of Service attacks when serving static resources from the file system on Windows platforms. An attacker can send malicious requests that are slow to resolve, causing HTTP connections to remain occupied and leading to a service outage. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows MultiPoint Services (affected versions not specified) Description: An improper access control issue in Windows MultiPoint Services may allow an attacker to elevate privileges locally. This can allow attackers to affect the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Service Fabric (affected versions not specified) Description: The issue concerns improper link resolution before file access, also known as 'link following', which allows an authorized attacker to elevate privileges locally. This could potentially be exploited by an attacker with authorized access to gain higher privileges on the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Performance Recorder (affected versions not specified) Description: The issue is related to improper link resolution before file access, also known as 'link following', in Windows Performance Recorder. This allows an authorized attacker to deny service locally. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WmsRepair Service (affected versions not specified) **Description** The issue is related to insufficient access restrictions in the WmsRepair Service, which can be exploited to elevate privileges. This allows an attacker to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft PC Manager (affected versions not specified) **Description** The issue is related to an incorrect handling of symbolic links before accessing a file, which can be exploited to elevate privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Connected Machine Agent (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability in the Azure Connected Machine Agent. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Image Acquisition (affected versions not specified) Description: The issue is related to an elevation-of-privilege vulnerability in the Windows Image Acquisition service. It is caused by incorrect handling of symbolic links before accessing a file. Exploitation of this issue may allow an attacker to elevate their privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Monitor Agent (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability in the Azure Monitor Agent, which is used for data collection from virtual machines (VM) and physical servers. The vulnerability is caused by an incorrect reference definition before accessing a file. Exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.