Jonas Lykkegård

Name of the Vulnerable Software and Affected Versions: Windows Hyper-V (affected versions not specified) Description: The issue is related to an elevation of privilege vulnerability in Windows Hyper-V, which occurs due to improper handling of objects in memory. This could allow an attacker to gain elevated privileges on a target operating system. The vulnerability itself does not enable arbitrary code execution but could be used in conjunction with other vulnerabilities to take advantage of the elevated privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows kernel (affected versions not specified) Description: An information disclosure issue exists due to the Windows kernel's improper handling of objects in memory. This could allow an attacker to obtain information that could be used to further compromise the system by running a specially crafted application on an affected system. The vulnerability does not allow an attacker to execute code or elevate user rights directly but can be used to obtain sensitive information. Recommendations: To resolve the issue, update the Windows kernel to the latest version that corrects how the kernel handles objects in memory. As a temporary workaround, consider restricting access to sensitive information and physical drives to minimize the risk of exploitation. Avoid using weak NTFS volume permissions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Mobile Device Management (MDM) Diagnostics (affected versions not specified) Description: An information disclosure issue exists due to improper handling of junctions by Windows MDM Diagnostics, allowing an attacker to bypass access restrictions and read files. To exploit this, an attacker must first log on to the system and then run a specially crafted application. The issue is addressed by correcting how Windows MDM Diagnostics handles files. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to a lack of proper access control in the Windows group policy, allowing a remote attacker to potentially elevate their privileges and execute arbitrary code using a specially crafted application. This can affect the system, enabling attackers to impact it. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to errors in object handling in memory in the dssvc.dll library of the Windows operating system. It allows an attacker to potentially elevate their privileges and execute arbitrary code using a specially crafted application. This can affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows 7 for 32-bit systems **Description** An elevation of privilege issue exists due to improper handling of specific local calls within the Windows redirected drive buffering system (rdbss.sys). This could potentially allow an attacker to cause a denial-of-service by running a specially crafted application. **Recommendations** For Windows 7 for 32-bit systems, at the moment, there is no information about a newer version that contains a fix for this vulnerability.