Implement SepAdjustPrivileges, which does both the counting of (changed) privileges as well as applying them, when requested. Use it in NtAdjustPrivilegesToken twice instead of duplicating the code there.
Fix return value of NtAdjustPrivilegesToken by making sure to properly count the found privileges and check against the provided ones
Lock the Token, while messing with the privileges
Add support for SE_PRIVILEGE_REMOVED
Proplery (re)calculate Token flags after changing privileges
Improve failure pathes by using a common cleanup label
Don't free the allocations atatched to the token in SepCreateToken on failure, since ObDereferenceObject will already do that.
Make priviliges constants instead of initializing them.
Major