CVE-2020-12446

Name of the Vulnerable Software and Affected Versions G.SKILL Trident Z Lighting Control versions 1.00.08 and earlier

Description The issue allows local non-privileged users to access sensitive operations, including mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input from and output to I/O ports. This exposure leads to privilege escalation to NT AUTHORITYSYSTEM.

Recommendations For versions 1.00.08 and earlier, consider disabling the ene.sys driver as a temporary workaround to minimize the risk of exploitation. Restrict access to the affected driver to prevent local non-privileged users from escalating privileges to NT AUTHORITYSYSTEM. At the moment, there is no information about a newer version that contains a fix for this vulnerability.