Sandboxescaper

**Name of the Vulnerable Software and Affected Versions** Windows Task Scheduler (affected versions not specified) **Description** An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows 7 Windows Server 2012 R2 Windows RT 8.1 Windows Server 2008 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10 Windows 10 Servers **Description** The issue is related to an elevation of privilege vulnerability when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). This vulnerability is associated with insufficient access restrictions in the SchRpcSetSecurity function of the ALPC interface. Exploitation of this vulnerability may allow an attacker to execute malicious code with SYSTEM privileges using a specially crafted library. **Recommendations** For Windows 7, apply the recommended patch to fix the vulnerability. For Windows Server 2012 R2, apply the recommended patch to fix the vulnerability. For Windows RT 8.1, apply the recommended patch to fix the vulnerability. For Windows Server 2008, apply the recommended patch to fix the vulnerability. For Windows Server 2012, apply the recommended patch to fix the vulnerability. For Windows 8.1, apply the recommended patch to fix the vulnerability. For Windows Server 2016, apply the recommended patch to fix the vulnerability. For Windows Server 2008 R2, apply the recommended patch to fix the vulnerability. For Windows 10, apply the recommended patch to fix the vulnerability. For Windows 10 Servers, apply the recommended patch to fix the vulnerability. As a temporary workaround, consider restricting access to the `SchRpcSetSecurity` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Windows Installer versions (affected versions not specified) Windows 7 Windows Server 2012 R2 Windows RT 8.1 Windows Server 2008 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10 Windows 10 Servers **Description** The issue is related to an elevation of privilege vulnerability in the Windows Installer. It occurs when the Windows Installer fails to properly sanitize input, leading to an insecure library loading behavior. This vulnerability allows attackers to potentially elevate their privileges on the system. **Recommendations** For Windows 7, consider applying configuration changes to restrict the loading of insecure libraries until a fix is available. For Windows Server 2012 R2, restrict access to the Windows Installer to minimize the risk of exploitation. For Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, and Windows 10 Servers, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Installer in Microsoft Windows versions prior to the fixed version Description: The issue allows an elevation of privilege due to how input is sanitized. An elevation-of-privilege vulnerability allows attackers to affect the system. Recommendations: For Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to improper access to objects in memory, which could lead to memory corruption. This corruption may allow an attacker to execute arbitrary code in the context of the current user. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.