Yarin Aharoni

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions 2008 SP2 through 2025 Microsoft Windows 10 versions 1607 through 22H2 Microsoft Windows 11 versions 22H2 through 24H2 Microsoft Azure Site Recovery agent (affected versions not specified) Trend Micro Apex One (affected versions not specified) Trend Micro Worry-Free Business Security (affected versions not specified) **Description** A time-of-check time-of-use (TOCTOU) race condition exists in Windows Fundamentals and the MS-EVEN RPC protocol. This flaw allows an authorized or unauthenticated attacker to execute code over a network or remotely. The vulnerability allows low-privileged users to write arbitrary files to a remote machine, bypassing the need for administrator privileges for remote file writes. The issue is related to errors in synchronization when using a shared resource. The vulnerability affects all Windows and Windows Server computers in a domain. The flaw allows checking arbitrary paths and writing files remotely, potentially leading to remote code execution (RCE). The vulnerability impacts the Eventlog service, allowing propagation with weak credentials. **Recommendations** For Microsoft Windows versions 2008 SP2 through 2025, update your systems. For Microsoft Windows 10 versions 1607 through 22H2, update your systems. For Microsoft Windows 11 versions 22H2 through 24H2, update your systems. For Microsoft Azure Site Recovery agent, update your agents. For Trend Micro Apex One, apply the released patches. For Trend Micro Worry-Free Business Security, apply the released patches.