Masthoon

**Name of the Vulnerable Software and Affected Versions** Microsoft Streaming Service versions prior to the fixed version **Description** The issue allows attackers to gain System privileges on a vulnerable machine. It is an elevation-of-privilege vulnerability that affects the system. The vulnerability is related to an untrusted pointer dereference in the mskssrv.sys driver. It has been actively exploited and was demonstrated at the Pwn2Own contest. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. **Recommendations** As a temporary workaround, consider disabling the `mskssrv.sys` driver until a patch is available. Update Windows to the latest version. Use a firewall and configure it to only allow trusted connections. Use a VPN with a reliable reputation. Keep track of cybersecurity news and do not use the same password for different sites. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lexmark devices (affected versions not specified) **Description** The issue is related to an embedded web server command injection vulnerability. This vulnerability was identified in Lexmark devices through 2021-12-07. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lexmark devices (affected versions not specified) **Description** The initial admin account setup wizard on Lexmark devices allows unauthenticated access to the "out of service erase" feature. This issue may be related to an unprotected API, potentially leading to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Console Window Host (affected versions not specified) **Description** The issue is related to errors in security settings of the Console Window Host component in Microsoft Windows operating systems. This allows an attacker to bypass security restrictions. There is a security-feature bypass vulnerability that enables attackers to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue exists due to improper handling of objects in memory by a component of the Windows operating system, specifically related to DirectX. This can allow an attacker to elevate their privileges and execute arbitrary code in kernel mode using a specially crafted application. An elevation-of-privilege issue allows attackers to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.