Genwei Jiang

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel (affected versions not specified) **Description** The issue is caused by synchronization errors when using a shared resource in Microsoft Excel, allowing an attacker to gain unauthorized access to the device. This can enable attackers to obtain sensitive information and affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Common Log File System Driver (affected versions not specified) **Description** The issue is related to an elevation-of-privilege vulnerability in the Windows Common Log File System (CLFS) Driver. This vulnerability allows attackers to affect the system. It has been exploited in the wild, with ransomware operators using it to target victims. The vulnerability is associated with a buffer overflow in memory, which can be exploited to elevate privileges. There have been reports of this vulnerability being used by ransomware groups, including Nokoyawa, in attacks on small and medium-sized businesses in various regions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Graphics Component (affected versions not specified) **Description** The issue is related to a buffer overflow in the Windows Graphics Component, which can allow an attacker to execute arbitrary code. This is an elevation-of-privilege vulnerability that affects the system. It has been reported that this issue has been exploited in the wild. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Common Log File System Driver versions prior to 10.0.10240.19444 Windows Common Log File System Driver versions prior to 10.0.14393.5356 Windows Common Log File System Driver versions prior to the fixed version **Description** The issue is related to a buffer overflow in memory, allowing an attacker to execute arbitrary code with system privileges. This can lead to an elevation-of-privilege vulnerability, affecting the system. **Recommendations** For versions prior to 10.0.10240.19444, update to a version that includes the fix for this issue. For versions prior to 10.0.14393.5356, update to a version that includes the fix for this issue. For all affected versions, consider restricting access to the vulnerable driver until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft MSHTML (affected versions not specified) **Description** The vulnerability in Microsoft MSHTML allows remote attackers to execute arbitrary code by using specially crafted Microsoft Office documents. An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Microsoft Defender Antivirus and Microsoft Defender for Endpoint provide detection and protections for the known vulnerability. The vulnerability has been exploited in targeted attacks, and it is recommended to keep antimalware products up to date. **Recommendations** To resolve the issue, update Microsoft MSHTML to the latest version. As a temporary workaround, consider disabling the use of ActiveX controls in Microsoft Office documents until a patch is available. Restrict access to the MSHTML engine to minimize the risk of exploitation. Avoid using Microsoft Office documents from untrusted sources until the issue is resolved. Keep antimalware products up to date, and deploy the latest detection build across environments. Apply the security updates provided by Microsoft to address this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to a buffer overflow in memory, allowing a remote attacker to execute arbitrary code using a specially crafted web page. This could corrupt memory, enabling the attacker to execute code in the context of the current user. If the user has administrative rights, the attacker could gain control of the system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office versions 2010 through 2016 **Description** The issue exists due to insufficient input validation in Microsoft Office, allowing a remote attacker to execute arbitrary code. Exploitation can occur when a user opens a specially crafted file, such as an EPS file with a malformed graphic image, or inserts a malformed graphic image into an Office file. Such files can also be attached to emails. Successful exploitation can grant the attacker control over the system. **Recommendations** For Microsoft Office versions 2010 through 2016, apply the official fix to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted EPS files and restricting the insertion of graphic images from untrusted sources into Office files until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) **Description** The issue is related to the improper handling of data in Microsoft Office, which can be exploited by a remote attacker to execute arbitrary code. The exploitation can occur when a user opens a specially crafted file in EPS format or inserts a malformed graphic image into an Office file. Such files can also be attached to emails. If the exploitation is successful, the attacker can gain control over the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Flash Player versions 21.0.0.226 and earlier **Description** The issue allows remote attackers to execute arbitrary code via unspecified vectors. It has been exploited in the wild, specifically in May 2016. The vulnerability is related to errors in the code of the Flash Player platform, which can allow a remote attacker to gain control over the system and cause the application to crash. The estimated number of potentially affected devices worldwide is not specified. However, it is known that threat actors such as ScarCruft (APT37) have used this issue for information theft and cyber espionage. The issue has been used in conjunction with other threats, including watering hole techniques, spear-phishing, and process injection techniques. **Recommendations** For Adobe Flash Player versions 21.0.0.226 and earlier, update to a version later than 21.0.0.226 to resolve the issue. As a temporary workaround, consider disabling the Flash Player until a patch is applied. Restrict access to vulnerable systems to minimize the risk of exploitation. Avoid using systems that have Adobe Flash Player installed until the issue is resolved. At the moment, there is no additional information about other mitigation measures.