Simon Zuckerbraun at Trendmicro
(https://www.thezdi.com/blog/2023/1/23/activation-context-cache-poisoning-exploiting-csrss-for-privilege-escalation). This nomination highlights a new class of privilege escalation vulnerabilities, known as activation context cache poisoning. This technique was being actively used by an Austrian hack-for-hire group tracked by Microsoft as KNOTWEED”