Doranekosystems

#33165 of 53,633
7.8 Total CVSS
Vulnerabilities · 1
PT-2022-26222
7.8
2022-12-20
Wfs · Heavenburnsred · CVE-2022-42046
**Name of the Vulnerable Software and Affected Versions**

WFS, Inc HeavenBurnsRed version 2020.3.15.7141260

**Description**

The issue allows for local privilege escalation through specially crafted IOCTL requests to `wfshbr64.sys` and `wfshbr32.sys` drivers. This can enable an arbitrary user to gain elevated privileges. The estimated number of potentially affected devices and details about real-world incidents where this issue was exploited are not provided.

**Recommendations**

For WFS, Inc HeavenBurnsRed version 2020.3.15.7141260, consider updating to a newer version that uses ObRegisterCallbacks instead of PPL to mitigate the risk of local privilege escalation. As a temporary workaround, consider restricting access to the `wfshbr64.sys` and `wfshbr32.sys` drivers until a patch is available. Avoid using the vulnerable IOCTL requests to the `wfshbr64.sys` and `wfshbr32.sys` drivers until the issue is resolved.