Downwithup

**Name of the Vulnerable Software and Affected Versions** MSI Dragon Center version 2.0.104.0 **Description** The issue is related to the MODAPI.sys driver in the MSI Dragon Center software, which allows low-privileged users to access kernel memory. This could potentially enable an attacker to escalate their privileges. The vulnerability can be exploited via a crafted IOCTL 0x9c406104 call, which provides the MmMapIoSpace feature for mapping physical memory. **Recommendations** For MSI Dragon Center version 2.0.104.0, consider disabling the MODAPI.sys driver as a temporary workaround until a patch is available. Restrict access to the IOCTL 0x9c406104 call to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SoftEther VPN Server versions up to 4.29 See.sys up to version 4.25 **Description** The issue allows a user to call an IOCTL, specifying any kernel address to which arbitrary bytes are written. This can potentially lead to unauthorized access and modification of kernel memory. **Recommendations** For SoftEther VPN Server versions up to 4.29, update See.sys to a version newer than 4.25 to resolve the issue. For See.sys up to version 4.25, consider restricting access to the IOCTL function until a patch is available.