Xiaodaozhi

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT 8.1 Microsoft Windows 10 versions Gold, 1511, 1607, 1703 Microsoft Windows Server 2016 **Description** The issue is related to the kernel-mode drivers in Microsoft Windows, which incorrectly handle objects in memory, allowing local users to gain privileges via a crafted application. This can enable an attacker to elevate their privileges. The estimated number of potentially affected devices and details about real-world incidents are not specified. **Recommendations** For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a version that includes the fix for this issue. For Microsoft Windows 7 SP1, update to a version that includes the fix for this issue. For Microsoft Windows 8.1, update to a version that includes the fix for this issue. For Microsoft Windows Server 2012 Gold and R2, update to a version that includes the fix for this issue. For Microsoft Windows RT 8.1, update to a version that includes the fix for this issue. For Microsoft Windows 10 versions Gold, 1511, 1607, 1703, update to a version that includes the fix for this issue. For Microsoft Windows Server 2016, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the kernel-mode drivers until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions Vista SP2 through 10 1607 Microsoft Windows Server versions 2008 SP2 through 2016 **Description** The issue is related to a buffer overflow in the kernel-mode drivers of the Transaction Manager in Microsoft Windows, allowing local users to gain privileges via a crafted application. This can enable an attacker to elevate their privileges. **Recommendations** For Microsoft Windows versions Vista SP2 through 10 1607, consider restricting access to the Transaction Manager until a patch is available. For Microsoft Windows Server versions 2008 SP2 through 2016, avoid using crafted applications that could exploit the vulnerability in the kernel-mode drivers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows (affected versions not specified) **Description** The issue is related to a lack of access control in the Windows operating system kernel mode driver, which can be exploited by a local attacker to elevate privileges using a specially crafted application. This can affect the system, allowing for potential elevation-of-privilege attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.