DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys 1.2.0.27 are present, allows local users to gain privileges via a certain DLMFENC_IOCTL request to \.\DLKPFSD_Device that overwrites a pointer, aka the βring0 link list zero SYSTEMβ vulnerability.