Tomerpeled92

**Name of the Vulnerable Software and Affected Versions** Kubernetes versions prior to 1.28.4 Kubernetes versions prior to 1.27.8 Kubernetes versions prior to 1.26.11 Kubernetes versions prior to 1.25.16 **Description** A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. The vulnerability is related to insufficient input validation in the in-tree storage plugin for Windows nodes, which can lead to remote code execution with SYSTEM privileges on Windows endpoints. This issue affects Kubernetes clusters that use an in-tree storage plugin for Windows nodes. **Recommendations** For Kubernetes versions prior to 1.28.4, update to version 1.28.4 or later. For Kubernetes versions prior to 1.27.8, update to version 1.27.8 or later. For Kubernetes versions prior to 1.26.11, update to version 1.26.11 or later. For Kubernetes versions prior to 1.25.16, update to version 1.25.16 or later. As a temporary workaround, consider restricting access to the in-tree storage plugin for Windows nodes until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Kubernetes (affected versions not specified) **Description** A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. The vulnerability allows for remote code execution (RCE) on Windows endpoints. An attacker with 'apply' privileges can inject arbitrary code that gets executed on Windows machines with SYSTEM privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IOBit Advanced System Care versions 15 **Description** The issue allows low privilege users to gain code execution as a high privilege user by exploiting the "rwx" permissions for unprivileged users in the ProgramData folder. This is achieved by using SetOpLock to wait for CreateProcess and switching the genuine component with a malicious executable. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For IOBit Advanced System Care version 15, consider restricting access to the ProgramData folder to minimize the risk of exploitation. As a temporary workaround, avoid using the SetOpLock function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IOBit Advanced System Care version 15 **Description** The issue allows an attacker with SEImpersonatePrivilege to create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes. During login, the service will try to connect to the attacker, leading to either escalation of privileges from ADMIN to SYSTEM or from Local ADMIN to Domain ADMIN, depending on the user and named pipe used. This is achieved through token manipulation and the use of the `ImpersonateNamedPipeClient()` function. **Recommendations** For IOBit Advanced System Care version 15, consider disabling the named pipe functionality until a patch is available to prevent potential privilege escalation. Restrict access to the named pipes used by ASCService to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IOBit Advanced System Care version 15 iTop Screen Recorder version 2.1 iTop VPN version 3.2 Driver Booster version 9 iTop Screenshot (affected versions not specified) **Description** The issue concerns the update procedure of the affected software, which sends HTTP requests to download a config file. After downloading, the software parses the HTTP location of the update from the file and attempts to install the update automatically with ADMIN privileges. An attacker intercepting this communication can supply a fake config file with malicious locations for the updates, potentially gaining remote code execution on an endpoint. **Recommendations** For IOBit Advanced System Care version 15, consider disabling the automatic update feature until a patch is available. For iTop Screen Recorder version 2.1, restrict access to the update module to minimize the risk of exploitation. For iTop VPN version 3.2, avoid using the automatic update feature in the affected version until the issue is resolved. For Driver Booster version 9, as a temporary workaround, consider disabling the update function until a patch is available. For iTop Screenshot, since the affected versions are not specified, it is recommended to exercise caution when using the update feature and to monitor for any potential patches or updates.

**Name of the Vulnerable Software and Affected Versions** iTop VPN version 3.2 **Description** The issue arises from the iTopVPNmini.exe component trying to connect to a named pipe called datastate iTopVPN Pipe Server in a loop. An attacker can exploit this by opening a named pipe with the same name, allowing them to gain the token of another user. This is achieved by listening for connections and abusing the ImpersonateNamedPipeClient function. **Recommendations** For iTop VPN version 3.2, consider disabling the iTopVPNmini.exe component until a patch is available to prevent potential exploitation. Restrict access to the named pipe datastate iTopVPN Pipe Server to minimize the risk of an attacker gaining another user's token. At the moment, there is no information about a newer version that contains a fix for this vulnerability.