George Hughey

**Name of the Vulnerable Software and Affected Versions** Windows Event Logging Service (affected versions not specified) **Description** Improper access control in the Windows Event Logging Service allows an authorized attacker to elevate privileges locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** Improper access control in the Windows RPC API allows an authorized attacker to elevate privileges locally and affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified) Description: A security-feature bypass exists in Windows due to a protection mechanism failure in the `MapUrlToZone` function. This allows an unauthorized attacker to bypass a security feature over a network. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Win32K (affected versions not specified) Description: The issue is related to a use after free condition in Windows Win32K - ICOMP, which allows an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Common Log File System Driver versions prior to the fixed version Description: The issue is related to a use-after-free flaw in the Windows Common Log File System Driver, which allows an authorized attacker to elevate privileges locally. This could potentially impact system security. Recommendations: For Windows 10 and 11, apply patch KB5058411. For Windows Server, apply patch KB5058405. As a temporary workaround, consider restricting access to the Windows Common Log File System Driver until a patch is applied.

Name of the Vulnerable Software and Affected Versions: Windows NTFS (affected versions not specified) Description: The issue is an out-of-bounds read that allows an unauthorized attacker to disclose information locally. It affects the system by allowing attackers to obtain sensitive information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows exFAT File System (affected versions not specified) **Description** A heap-based buffer overflow in the Windows exFAT File System allows an unauthorized attacker to execute code locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to the improper resolution of path equivalence in Windows MapUrlToZone, which allows an unauthorized attacker to bypass a security feature over a network. This could potentially lead to unauthorized access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows NTFS (affected versions not specified) Description: A buffer over-read issue in Windows NTFS allows an unauthorized attacker to disclose information locally. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Win32 Kernel Subsystem (affected versions not specified) Description: The issue is related to a use after free condition in the Windows Win32 Kernel Subsystem, which allows an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified) Description: The issue is related to an elevation-of-privilege vulnerability in the Windows Win32 Kernel Subsystem. It is associated with the possibility of using memory after it has been freed. Exploitation of this issue may allow an attacker to elevate their privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to the MapUrlToZone component of the Windows operating system, which is associated with incorrect path equivalence resolution. This can allow a remote attacker to bypass existing security restrictions. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to a security feature bypass vulnerability in the MapUrlToZone method, which is associated with incorrect path equivalence resolution. This could allow a remote attacker to disclose protected information. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to a security feature bypass vulnerability in the MapUrlToZone method, which is associated with incorrect path equivalence resolution. This could allow a remote attacker to disclose protected information. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to the MapUrlToZone component of the Windows operating system, which is associated with incorrect path equivalence resolution. This can allow a remote attacker to bypass existing security restrictions. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to a denial-of-service vulnerability in the MapUrlToZone method of the IInternetSecurityManager interface in Microsoft Windows operating systems. This vulnerability is caused by integer overflow, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows HTML Platforms (affected versions not specified) **Description** The issue is related to an incorrect path equivalence resolution in the MSHTML platform of Microsoft Windows operating systems. This can be exploited by a remote attacker to bypass security restrictions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to a security feature bypass vulnerability, specifically concerning the MapUrlToZone method in Windows operating systems. This vulnerability is associated with incorrect path equivalence resolution. Exploitation of this issue could allow a remote attacker to disclose protected information. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to the `MapUrlToZone` method in Windows operating systems, which is associated with incorrect path equivalence resolution. This can allow a remote attacker to disclose protected information. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Remote Access Connection Manager (affected versions not specified) **Description** The issue is related to a memory reading boundary error in the Windows Remote Access Connection Manager. It allows a remote attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.