Tom Norfolk

**Name of the Vulnerable Software and Affected Versions** Windows PowerShell (affected versions not specified) **Description** The issue is related to insufficient input validation in the Windows operating system's PowerShell command-line shell. It allows an attacker to elevate their privileges. There is an elevation-of-privilege vulnerability that affects the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Quest KACE Agent for Windows versions 12.0.38 through 13.1.23.0 **Description** An issue exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components, allowing local attackers to create any file of their choice with NT AuthoritySYSTEM privileges. This is due to an arbitrary file create vulnerability. Local attackers can exploit this issue to create files with elevated privileges. **Recommendations** For version 12.0.38, consider disabling the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components until a patch is available. For version 13.1.23.0, consider disabling the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components until a patch is available. As a temporary workaround, restrict access to the vulnerable components to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Quest KACE Agent for Windows versions 12.0.38 through 13.1.23.0 **Description** An issue exists in the KSchedulerSvc.exe component, allowing local attackers to delete any file of their choice with NT AuthoritySYSTEM privileges. This is due to an arbitrary file delete vulnerability. **Recommendations** For version 12.0.38, consider disabling the KSchedulerSvc.exe component until a patch is available. For version 13.1.23.0, restrict access to the KSchedulerSvc.exe component to minimize the risk of exploitation. As a temporary workaround, consider implementing additional access controls to limit the privileges of the NT AuthoritySYSTEM account.

**Name of the Vulnerable Software and Affected Versions** Quest KACE Agent for Windows versions 12.0.38 through 13.1.23.0 **Description** An unquoted Windows search path issue exists in the KSchedulerSvc.exe and AMPTools.exe components, allowing local attackers to execute code of their choice with NT AuthoritySYSTEM privileges. This issue affects the Quest KACE Agent for Windows, enabling attackers to gain elevated privileges. **Recommendations** For version 12.0.38, update to a version that fixes the unquoted Windows search path vulnerability. For version 13.1.23.0, update to a version that fixes the unquoted Windows search path vulnerability. As a temporary workaround, consider disabling the KSchedulerSvc.exe and AMPTools.exe components until a patch is available.