Thibault Van Geluwe De Berlaere

**Name of the Vulnerable Software and Affected Versions** Windows Server versions 2008 through 2016 Windows versions 8.1 through 10 (including 1607, 1809, 20h2, 21h1, 21h2) **Description** The issue is related to an elevation-of-privilege vulnerability in the Windows Credential Roaming Service, which is associated with insufficient access restrictions. This vulnerability can be exploited by an attacker to elevate their privileges. The vulnerability exists in the `DSInternals.Common.Data.RoamedCredential.Save()` method, which incorrectly parses the `msPKIAccountCredentials` LDAP attribute values. This allows a malicious actor to modify the file system of the computer where an application using this function is executed with administrative privileges. **Recommendations** For Windows Server versions 2008 through 2016 and Windows versions 8.1 through 10, update to a version that includes the fix for this issue, such as DSInternals 4.8. As a temporary workaround, consider restricting access to the `DSInternals.Common` library and the `msPKIAccountCredentials` attribute in Active Directory to minimize the risk of exploitation. Avoid using the `DSInternals.Common.Data.RoamedCredential.Save()` method in applications with administrative privileges until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** eG Agent versions prior to 7.2 **Description** The issue is related to weak file permissions that enable escalation of privileges to SYSTEM. This allows for potential privilege escalation. **Recommendations** For versions prior to 7.2, update to version 7.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Windows Print Spooler (affected versions not specified) **Description** The issue is related to insecure privilege management in the Windows Print Spooler. It allows an attacker to elevate their privileges, potentially affecting the system. No information is provided about the estimated number of potentially affected devices or real-world incidents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Print Spooler (affected versions not specified) Description: The issue is related to insecure privilege management in the Windows Print Spooler component of Windows operating systems. Exploitation of this issue may allow an attacker to elevate their privileges. This can affect the system, potentially leading to increased access and control for the attacker. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.