Monthly
Local privilege escalation in the MBStorage DRAM lighting control module of GIGABYTE's Gigabyte Control Center (GCC) lets an authenticated low-privileged local user reach kernel-level privileges by abusing the bundled MyPortIO_x64.sys driver. The driver exposes IOCTL handlers without adequate access control, permitting arbitrary read and write of physical memory. No public exploit identified at time of analysis; the issue was reported by Taiwan's TWCERT and carries a CVSS 4.0 base score of 8.5 (High).
Local privilege escalation in MSI Feature Manager (GameGaraj) stems from its bundled KernCoreLib64.sys kernel driver exposing IOCTL handlers that any logged-on user can reach without administrator rights, granting arbitrary physical memory read/write and unrestricted I/O port access. Any low-privileged user on an affected Windows host can leverage this to manipulate kernel objects, tamper with kernel callbacks, bypass Protected Process Light (PPL), and disable endpoint security. Publicly available exploit code exists (published by VulnCheck), though there is no public exploit identified as being used in active attacks at time of analysis.
Local privilege escalation in NEC's ExpressUpdate Agent for Windows allows a low-privileged user who can already access the host to execute arbitrary code with SYSTEM privileges, owing to insufficient access controls on the agent. Reported by NEC under advisory NV26-004, the flaw carries a CVSS 4.0 base score of 8.5 (High) and maps to CWE-782 (exposed IOCTL with insufficient access control). There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Physical memory exposure in the Generic IO & Memory Access Driver for Toshiba and Dynabook PCs allows any locally logged-in user - without administrative privileges - to access physical memory by invoking an insufficiently access-controlled IOCTL interface. Physical memory access of this kind typically enables both reading sensitive in-memory data (credentials, encryption keys, kernel structures) and writing to arbitrary memory addresses, making the effective impact broader than the vendor CVSS C:N rating suggests. No public exploit or CISA KEV listing has been identified at time of analysis; this was disclosed via JPCERT/JVN and a Sharp/Dynabook security advisory.
Anti-tampering bypass in Netskope Client for Windows (all versions prior to R138) allows a local administrator to send crafted IOCTL requests directly to the NSClient kernel driver, completely neutralizing the product's self-protection mechanisms. The flaw arises from CWE-782 - an IOCTL interface exposed by the driver without sufficient access controls - meaning a privileged insider can issue arbitrary control operations the driver was not designed to accept from untrusted callers. No public exploit has been identified at time of analysis, and exploitation is constrained to actors who already hold administrative privileges on the endpoint, limiting the realistic threat to insider scenarios or post-compromise lateral movement by an attacker who has already achieved admin-level access.
Local privilege escalation in PC Tools Internet Security (Symantec) is possible because the PCTCore64.sys kernel driver exposes its PCTCoreDriver WDM device interface to user-mode processes without adequate access controls, allowing low-privileged users to invoke privileged IOCTL handlers. CERT/CC tracked this as VU#158530 and the affected driver is a candidate for Microsoft's recommended driver block list; no public exploit identified at time of analysis, though the vulnerability class (BYOVD-style abuse) is well understood by attackers.
AsusPTPFilter driver allows local authenticated users to bypass security mechanisms via crafted IOCTL requests, potentially leaking restricted touchpad information or disabling the touchpad entirely. The vulnerability requires local access and low-level privileges but impacts the integrity and availability of the touchpad subsystem. CVSS 2.0 reflects limited scope (low severity across confidentiality, integrity, availability), but the attack vector is local and requires existing user privileges.
Moxa MxGeneralIo utility versions prior to 1.4.0/1.5.0 expose IOCTL interfaces allowing authenticated high-privilege local attackers to directly access Model-Specific Registers (MSR) and system memory, enabling privilege escalation on Windows 7 or denial-of-service crashes (BSoD) on Windows 10/11. While CVSS 7.0 reflects high availability impact and network attack vector classification, the actual exploit requires local high-privilege access (PR:H), significantly reducing practical risk. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept has been identified at time of analysis, though vendor advisory confirms patch availability.
Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. [CVSS 5.3 MEDIUM]
An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an. Rated high severity (CVSS 7.8). No vendor patch available.
Local privilege escalation in the MBStorage DRAM lighting control module of GIGABYTE's Gigabyte Control Center (GCC) lets an authenticated low-privileged local user reach kernel-level privileges by abusing the bundled MyPortIO_x64.sys driver. The driver exposes IOCTL handlers without adequate access control, permitting arbitrary read and write of physical memory. No public exploit identified at time of analysis; the issue was reported by Taiwan's TWCERT and carries a CVSS 4.0 base score of 8.5 (High).
Local privilege escalation in MSI Feature Manager (GameGaraj) stems from its bundled KernCoreLib64.sys kernel driver exposing IOCTL handlers that any logged-on user can reach without administrator rights, granting arbitrary physical memory read/write and unrestricted I/O port access. Any low-privileged user on an affected Windows host can leverage this to manipulate kernel objects, tamper with kernel callbacks, bypass Protected Process Light (PPL), and disable endpoint security. Publicly available exploit code exists (published by VulnCheck), though there is no public exploit identified as being used in active attacks at time of analysis.
Local privilege escalation in NEC's ExpressUpdate Agent for Windows allows a low-privileged user who can already access the host to execute arbitrary code with SYSTEM privileges, owing to insufficient access controls on the agent. Reported by NEC under advisory NV26-004, the flaw carries a CVSS 4.0 base score of 8.5 (High) and maps to CWE-782 (exposed IOCTL with insufficient access control). There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Physical memory exposure in the Generic IO & Memory Access Driver for Toshiba and Dynabook PCs allows any locally logged-in user - without administrative privileges - to access physical memory by invoking an insufficiently access-controlled IOCTL interface. Physical memory access of this kind typically enables both reading sensitive in-memory data (credentials, encryption keys, kernel structures) and writing to arbitrary memory addresses, making the effective impact broader than the vendor CVSS C:N rating suggests. No public exploit or CISA KEV listing has been identified at time of analysis; this was disclosed via JPCERT/JVN and a Sharp/Dynabook security advisory.
Anti-tampering bypass in Netskope Client for Windows (all versions prior to R138) allows a local administrator to send crafted IOCTL requests directly to the NSClient kernel driver, completely neutralizing the product's self-protection mechanisms. The flaw arises from CWE-782 - an IOCTL interface exposed by the driver without sufficient access controls - meaning a privileged insider can issue arbitrary control operations the driver was not designed to accept from untrusted callers. No public exploit has been identified at time of analysis, and exploitation is constrained to actors who already hold administrative privileges on the endpoint, limiting the realistic threat to insider scenarios or post-compromise lateral movement by an attacker who has already achieved admin-level access.
Local privilege escalation in PC Tools Internet Security (Symantec) is possible because the PCTCore64.sys kernel driver exposes its PCTCoreDriver WDM device interface to user-mode processes without adequate access controls, allowing low-privileged users to invoke privileged IOCTL handlers. CERT/CC tracked this as VU#158530 and the affected driver is a candidate for Microsoft's recommended driver block list; no public exploit identified at time of analysis, though the vulnerability class (BYOVD-style abuse) is well understood by attackers.
AsusPTPFilter driver allows local authenticated users to bypass security mechanisms via crafted IOCTL requests, potentially leaking restricted touchpad information or disabling the touchpad entirely. The vulnerability requires local access and low-level privileges but impacts the integrity and availability of the touchpad subsystem. CVSS 2.0 reflects limited scope (low severity across confidentiality, integrity, availability), but the attack vector is local and requires existing user privileges.
Moxa MxGeneralIo utility versions prior to 1.4.0/1.5.0 expose IOCTL interfaces allowing authenticated high-privilege local attackers to directly access Model-Specific Registers (MSR) and system memory, enabling privilege escalation on Windows 7 or denial-of-service crashes (BSoD) on Windows 10/11. While CVSS 7.0 reflects high availability impact and network attack vector classification, the actual exploit requires local high-privilege access (PR:H), significantly reducing practical risk. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept has been identified at time of analysis, though vendor advisory confirms patch availability.
Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. [CVSS 5.3 MEDIUM]
An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an. Rated high severity (CVSS 7.8). No vendor patch available.