Erwin Chan

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks GlobalProtect app for Windows (affected versions not specified) **Description** A privilege escalation vulnerability in the GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. The exploitation requires the local user to successfully exploit a race condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AnyDesk version 7.0.9 **Description** The issue allows a local user to gain SYSTEM privileges via a symbolic link. This is possible because the user can write to their own %APPDATA% folder, which is used for ad.trace and chat, but the product runs as SYSTEM when writing chat-room data there. **Recommendations** For AnyDesk version 7.0.9, consider restricting access to the %APPDATA% folder to prevent users from creating symbolic links that could lead to privilege escalation. As a temporary workaround, consider disabling the chat functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.