Positive Technologies Research Team has discovered multiple privilege escalation vulnerabilities in Trend Micro products. The IOCTL handler in tmactmon.sys uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate buffer data associated with the Irp object, which allows local users to gain SYSTEM privileges.
55ea736f59fb7ae8994b65029d905f7cae968eb2e5909d99df231a466897d933