Tamas Koczka

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version Microsoft WebDAV client in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 **Description** The issue is related to insufficient access restrictions in the Microsoft WebDAV client, allowing a local attacker to elevate privileges using a specially crafted application. To exploit the vulnerability, an attacker must first log on to the system. The vulnerability exists due to improper input validation by WebDAV, which could allow an attacker to execute arbitrary code with elevated permissions. **Recommendations** For Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511, update to a version that includes the fix for the WebDAV client vulnerability. As a temporary workaround, consider restricting access to the WebDAV client until a patch is available. Avoid using the WebDAV client for sensitive operations until the issue is resolved.