Wdormann

**Name of the Vulnerable Software and Affected Versions** Acronis Cyber Protect Cloud Agent (Windows) versions prior to build 40734 **Description** The issue involves local privilege escalation due to insecure folder permissions. **Recommendations** Update Acronis Cyber Protect Cloud Agent (Windows) to build 40734 or later.

Name of the Vulnerable Software and Affected Versions: Windows SmartScreen (affected versions not specified) Description: A protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows NTFS (affected versions not specified) Description: The issue is an out-of-bounds read in Windows NTFS that allows an unauthorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows NTFS (affected versions not specified) Description: The issue is an out-of-bounds read in Windows NTFS that allows an unauthorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Acronis Snap Deploy (Windows) versions before build 4625 **Description** The issue is related to local privilege escalation due to insecure folder permissions. This allows for potential exploitation, though specific details about the estimated number of affected devices or real-world incidents are not provided. **Recommendations** For Acronis Snap Deploy (Windows) versions before build 4625, update to build 4625 or later to resolve the issue. As a temporary workaround, consider restricting access to the insecurely permissioned folders until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 119.0.6045.105 **Description** The issue is related to an inappropriate implementation in the Downloads component of Google Chrome, which may allow a remote attacker to potentially execute arbitrary code via a malicious file. This could be achieved by exploiting the vulnerability through a specially crafted web page, potentially leading to unauthorized access to protected information. **Recommendations** For versions prior to 119.0.6045.105, update to version 119.0.6045.105 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Downloads component until a patch is applied. Avoid using the Downloads feature with untrusted or malicious files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Akeo Consulting Rufus versions prior to 2.17.1187 **Description** The issue concerns inadequate validation of the integrity of updates downloaded over HTTP, allowing an attacker to convince a user to execute arbitrary code. **Recommendations** For versions prior to 2.17.1187, update to version 2.17.1187 or later to resolve the issue.