An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode.
A local privilege escalation vulnerability was discovered within Microsoft Windows. It abuses the issue that a registry hive file will be opened in write mode if opening it in read mode fails. This, combined with the fact that the log files created when opening a hive in write mode are effectively owned by the system yet can also be modified by a user, allows normal users to overwrite critical system files. Successful exploitation of this issue may lead to local privilege escalation.
A vulnerability was discovered within Microsoft Windows 10 that could lead to arbitrary registry key access. The root cause is that the kernel does not check for the user when creating hardware profile subkeys in HKLM; these subkeys are created with full permission for the owner, which is the user, and also inherit the parent ACLs. Successful exploitation of this issue could allow an attacker to elevate privileges when used for SymLink.
A token impersonation vulnerability was discovered within Microsoft Windows. Successful exploitation of this issue might allow a normal user process to easily obtain a LocalSystem or any other user identity level token and then use it to impersonate a thread.
The Asterisk HTTP server currently has a default configuration which allows the BEAST vulnerability to be exploited if the TLS functionality is enabled. This can allow a man-in-the-middle attack to decrypt data passing through it.
An information disclosure vulnerability exists in Internet Explorer and Edge in the way that the Res protocol manages the existence of files on the system. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system.