Decoder_It

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows (affected versions not specified) **Description** A use after free issue exists in Windows Print Spooler Components. This allows an authorized attacker to execute code over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Admin Center versions prior to 2511 **Description** An improper authentication issue exists in Windows Admin Center, potentially allowing an authorized attacker to elevate privileges on a network. The vulnerability, identified as CVE-2026-26119, has a CVSS score of 8.8 (High severity). An attacker with low-level access credentials could exploit this flaw to gain the rights of the user running the application, potentially leading to broad administrative control and even domain compromise under certain conditions. The vulnerability stems from flawed session handling or token validation. While there are no reports of active exploitation, Microsoft rates the vulnerability as having a “high likelihood of exploitation”. **Recommendations** Update Windows Admin Center to version 2511 or later.

Name of the Vulnerable Software and Affected Versions Windows versions (affected versions not specified) Description A flaw in Windows HTTP.sys related to improper access control can allow an authorized attacker to elevate privileges over a network. This issue can be exploited remotely. The vulnerability enables Kerberos authentication relay to Active Directory Certificate Services (AD CS) via DNS CNAME abuse, bypassing NTLM protections. A proof-of-concept (PoC) has been released demonstrating how attackers can manipulate DNS CNAME resolution to coerce Windows clients into requesting Kerberos tickets for attacker-controlled Service Principal Names (SPNs), enabling credential relay and lateral movement. This poses a risk to Active Directory networks, even when NTLM is disabled. Mitigation means removing relay opportunities at the service layer. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to insufficient access restrictions in the Windows Group Policy service, which can be exploited to elevate privileges. This allows an attacker to affect the system. No information is available on the estimated number of potentially affected devices or real-world incidents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to insufficient access restrictions in the Windows Group Policy service, allowing a remote attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Group Policy Preference Client (affected versions not specified) **Description** The issue is related to insufficient access restrictions in the Windows Group Policy Preference Client component of the Windows operating system. Exploitation of this issue may allow an attacker to elevate privileges in the system. It is an elevation-of-privilege issue that can affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Group Policy Preference Client (affected versions not specified) **Description** The issue is related to insufficient access restrictions in the Windows Group Policy Preference Client component of the Windows operating system. Exploitation of this issue may allow an attacker to elevate their privileges. It is an elevation-of-privilege issue that can affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Group Policy Preference Client (affected versions not specified) **Description** The issue is related to an elevation-of-privilege vulnerability that allows attackers to affect the system. It is caused by improper link resolution before file access. Exploitation of this issue may allow an attacker to elevate privileges in the system using a specially crafted link. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iTunes for Windows versions prior to 12.10.4 **Description** The issue allows a user to gain access to protected parts of the file system due to inadequate permissions logic. **Recommendations** For versions prior to 12.10.4, update to iTunes for Windows 12.10.4 to resolve the issue.