Jaeheng Yoon

**Name of the Vulnerable Software and Affected Versions** Dell SupportAssist for Home PCs Installer Executable versions prior to 3.13.2.19 **Description** The issue affects the initial installation of Dell SupportAssist for Home PCs and can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023. **Recommendations** For versions prior to 3.13.2.19, update to version 3.13.2.19 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable installer until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Windows Upgrade Assistant (affected versions not specified) **Description** The issue is related to insufficient input validation in the Windows Upgrade Assistant. This can allow a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** G-RAID 4/8 Software Utility (affected versions not specified) **Description** The issue is related to a DLL hijacking vulnerability in the G-RAID 4/8 Software Utility setups for Windows. This vulnerability could lead to arbitrary code execution in the context of the system user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) Microsoft 365 Apps for Enterprise (affected versions not specified) **Description** The issue is related to incorrect code generation management in the Click-to-Run (C2R) service for Microsoft Office and Microsoft 365 Apps for Enterprise packages. Exploitation of this issue may allow an attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.