The Windows client for Pulse Secure versions prior to 9.1.6 have a TOCTOU bug that allows an attacker to escalate the privilege to NT_AUTHORITY\SYSTEM.
Read more