Ouyang Fei

Name of the Vulnerable Software and Affected Versions: Windows Storage VSP Driver (affected versions not specified) Description: The issue is related to improper input validation in the Windows Storage VSP Driver, which allows an authorized attacker to elevate privileges locally. This means an attacker with existing access to the system can potentially gain higher-level privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Search Service versions prior to the fixed version **Description** The issue is related to synchronization errors when using a shared resource, specifically a "race condition" situation. This can allow an attacker to elevate their privileges. The estimated number of potentially affected devices is not specified. There are reports of real-world incidents where this issue was exploited, with a threat actor claiming to sell an exploit for this vulnerability. The exploit allegedly works on Windows 10-11 and servers 2019-2022. **Recommendations** For versions prior to the fixed version, update to the latest version to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows RDP Encoder Mirror Driver (affected versions not specified) **Description** The issue is related to the insecure management of privileges in the implementation of the RDP graphical mirror driver in Windows operating systems. This allows an attacker to potentially elevate their privileges. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Reliability Analysis Metrics Calculation (RacTask) (affected versions not specified) **Description** The issue is related to an elevation-of-privilege vulnerability, which allows attackers to affect the system. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to insufficient access restrictions in the Windows Image Acquisition component, allowing an attacker to potentially elevate their privileges. An elevation-of-privilege vulnerability exists, enabling attackers to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Reliability Analysis Metrics Calculation Engine (RACEng) (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability in the Reliability Analysis Metrics Calculation Engine (RACEng) due to inadequate access control. Exploitation of this issue may allow an attacker to elevate their privileges. The vulnerability is associated with the Windows Server operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.