On Microsoft Windows, the check for an AC token when impersonating the anonymous token does not check impersonation token’s security level leading to impersonating a non-AC anonymous token leading to privilege escalation.
On Microsoft Windows, the check for an AC token when impersonating the anonymous token does not check impersonation token’s security level leading to impersonating a non-AC anonymous token leading to privilege escalation.