In case you missed it, there were three vulnerabilities related to GP Preferences in the latest October 2022 “Patch Tuesday”. Specifically they were:
While there is precious little detail about how these are exploited, the bottom line for all of them is that they all involve tricking the GP subsystem into elevating a user request to localSystem (limited or otherwise). So, patch your systems ASAP! This one is not great, as gaining localSystem from a regular user gives attackers yet another avenue to harvest credentials from a system and move laterally.