Gamefirst Anti Cheat
Monthly
Local privilege escalation in Little Orbit's GameFirst Anti-Cheat (GFAC) lets a low-privileged user reach SYSTEM and run arbitrary code in kernel mode by sending crafted messages to the GFAC_Sys_x64.sys minifilter communication port. All GameFirst Anti-Cheat builds up to and including the 2025-07-07 release are affected, and a public GitHub repository covering this CVE alongside two sibling flaws indicates exploit material is available. There is no public exploit identified as being actively used, but the CERT/CC coordination and shared PoC repository make weaponization plausible.
NULL pointer dereference in the GFAC_Sys_x64.sys kernel driver of Little Orbit's GameFirst Anti-Cheat enables a local low-privileged attacker to crash the entire Windows system by sending crafted requests to the driver. All versions released up to 2025-07-07 are affected per EUVD-2026-41377. A public GitHub repository containing proof-of-concept exploit code covering this CVE alongside two sibling vulnerabilities (CVE-2026-12167, CVE-2026-12168) exists, though no active exploitation has been confirmed by CISA KEV.
Local privilege escalation in Little Orbit's GameFirst Anti-Cheat (GFAC) kernel driver GFAC_Sys_x64.sys allows an unprivileged local user to invoke privileged driver functionality because the minifilter communication port exposes its interface without proper access control. Any local account can send crafted requests through the port to reach kernel-level operations, yielding full confidentiality, integrity, and availability impact (CVSS 7.8). A CERT/CC-coordinated advisory (VU#639124) and a public GitHub repository covering CVE-2026-12166/12167/12168 suggest exploit code is likely available, though no active exploitation is confirmed.
Local privilege escalation in Little Orbit's GameFirst Anti-Cheat (GFAC) lets a low-privileged user reach SYSTEM and run arbitrary code in kernel mode by sending crafted messages to the GFAC_Sys_x64.sys minifilter communication port. All GameFirst Anti-Cheat builds up to and including the 2025-07-07 release are affected, and a public GitHub repository covering this CVE alongside two sibling flaws indicates exploit material is available. There is no public exploit identified as being actively used, but the CERT/CC coordination and shared PoC repository make weaponization plausible.
NULL pointer dereference in the GFAC_Sys_x64.sys kernel driver of Little Orbit's GameFirst Anti-Cheat enables a local low-privileged attacker to crash the entire Windows system by sending crafted requests to the driver. All versions released up to 2025-07-07 are affected per EUVD-2026-41377. A public GitHub repository containing proof-of-concept exploit code covering this CVE alongside two sibling vulnerabilities (CVE-2026-12167, CVE-2026-12168) exists, though no active exploitation has been confirmed by CISA KEV.
Local privilege escalation in Little Orbit's GameFirst Anti-Cheat (GFAC) kernel driver GFAC_Sys_x64.sys allows an unprivileged local user to invoke privileged driver functionality because the minifilter communication port exposes its interface without proper access control. Any local account can send crafted requests through the port to reach kernel-level operations, yielding full confidentiality, integrity, and availability impact (CVSS 7.8). A CERT/CC-coordinated advisory (VU#639124) and a public GitHub repository covering CVE-2026-12166/12167/12168 suggest exploit code is likely available, though no active exploitation is confirmed.