Microsoft · Windows · CVE-2021-1732
**Name of the Vulnerable Software and Affected Versions**
Microsoft Windows (affected versions not specified)
Windows 10 versions prior to February 2021
**Description**
A memory buffer overflow and type confusion issue exists in the Win32k component of the Windows kernel. During the execution of the `NtUserCreateWindowEx()` function, an attacker can abuse a user-mode callback to confuse the `win32k.sys` driver regarding the `cbWndExtra` and `pExtraBytes` fields. This allows the `SetWindowLongPtr()` function to be used as an arbitrary kernel read/write primitive, enabling an attacker to overwrite the current process token with the SYSTEM token to gain full privileges. This issue has been actively exploited in the wild by the APT Bitter group and integrated into the Disco malware framework to facilitate privilege escalation. It was also observed in attacks targeting medical institutions to deploy cryptocurrency miners.
**Recommendations**
Update Windows 10 to the February 2021 security update or a newer version.
For the other, unspecified Windows versions, there is currently no information about a newer version that contains a fix for this vulnerability.