EXECUTIVE SUMMARY:
A series of privilege escalation vulnerabilities in Microsoft Windows have been disclosed, allowing unprivileged users to gain local system-level privileges via DLL hijacking attacks. The vulnerabilities stem from improperly validated DLLs loaded by both low-privileged and high-privileged users. Attackers can exploit this by replacing a legitimate DLL with a malicious one, executing arbitrary code under the privileges of the process that loads the DLL. This vulnerability is particularly dangerous due to its potential to grant administrative access to the local machine. A related flaw, while less severe, could also enable user-to-user attacks in a similar manner, exploiting the lack of DLL validation in certain user-level processes.