DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \.\DLKFDisk_Control that overwrites a data structure associated with a mounted pseudo-filesystem, aka the βring0 SYSTEMβ vulnerability.