Milánek

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the August 2024 update microsoft windows 10 1507 (<10.0.10240.20751) microsoft windows 10 1607 (<10.0.14393.7259) microsoft windows 10 1809 (<10.0.17763.6189) microsoft windows 10 21h2 (<10.0.19044.4780) microsoft windows 10 22h2 (<10.0.19045.4780) **Description** The issue is related to a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock. It has been actively exploited by the Lazarus Group, a North Korea-linked APT group, to gain SYSTEM privileges on the latest Windows operating systems. The vulnerability allows attackers to manipulate kernel structures, gaining read and write access. It is a use-after-free flaw in the AFD.sys driver, which is installed by default on all Windows devices, making it a significant threat. The estimated number of potentially affected devices worldwide is not specified, but it is considered a major threat due to the widespread use of Windows devices. **Recommendations** As a temporary workaround, consider disabling the `afd.sys` driver until a patch is available. Restrict access to the vulnerable module `AFD.sys` to minimize the risk of exploitation. Apply the August 2024 updates released by Microsoft to patch the vulnerability. Update Microsoft Windows to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to an elevation-of-privilege vulnerability in the Win32k component of Windows operating systems. This vulnerability is associated with errors in processing objects in memory. Exploitation of this vulnerability can allow an attacker to elevate their privileges. The vulnerability can be exploited by opening a specially crafted RTF file, which can lead to local privilege escalation (LPE) to system level. There have been reports of this vulnerability being actively exploited in the wild. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows versions prior to the fixed version **Description** The issue is related to a buffer overflow in the Windows Advanced Local Procedure Call (ALPC) handler, which can be exploited to elevate privileges and execute arbitrary code with SYSTEM privileges. An elevation-of-privilege vulnerability allows attackers to affect the system. The vulnerability has been exploited in the wild and can be used to break out of the sandbox in Chromium. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 107.0.5304.87 **Description** The issue is related to a type confusion in the V8 engine of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This is described as a high severity issue. The vulnerability was discovered by researchers at Avast and reported to the developer on October 25. It is noted that this is the seventh 0-day vulnerability in Chrome fixed by Google this year, and the second attributed to Avast. There is no information provided about the estimated number of potentially affected devices worldwide or specific details about real-world incidents where this issue was exploited, beyond it being actively exploited. **Recommendations** For Google Chrome versions prior to 107.0.5304.87, update to version 107.0.5304.87 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages or modules until the update can be applied.