Dreadsec

**Name of the Vulnerable Software and Affected Versions** Awesome Miner versions through 11.2.4 **Description** A flaw exists in Awesome Miner that permits unauthorized read and write access to kernel memory and Model Specific Registers (MSRs), including LSTAR, even for users without administrative privileges. This is a result of an insecure implementation of WinRing0 (version 1.2.0.5, rebranded as IntelliBreeze.Maintenance.Service.sys) which has a deficient Discretionary Access Control List (DACL). This inadequate DACL allows non-privileged users to interact with the driver and, consequently, the kernel. Successful exploitation could lead to local privilege escalation, information disclosure, denial of service, and other potential consequences. **Recommendations** Versions prior to 11.2.5 should be updated.