Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation

Jun 08, 2023 | Ravie Lakshmanan | Endpoint Security / Zero-Day

Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems.

The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k component.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft disclosed in an advisory issued last month as part of Patch Tuesday updates.

Avast researchers Jan Vojtěšek, Milánek, and Luigino Camastra were credited with discovering and reporting the flaw.

Win32k.sys is a kernel-mode driver and an integral part of the Windows architecture, being responsible for graphical device interface (GDI) and window management.

While the exact specifics surrounding in-the-wild abuse of the flaw are presently not known, Numen Cyber has deconstructed the patch released by Microsoft to craft a proof-of-concept (PoC) exploit for Windows Server 2016.

The Singapore-based cybersecurity company said the vulnerability relied on the leaked kernel handle address in the heap memory to ultimately obtain a read-write primitive.

“Win32k vulnerabilities are well-known in history,” Numen Cyber said. “However, in the latest Windows 11 preview version, Microsoft has attempted to refactor this part of the kernel code using Rust. This may eliminate such vulnerabilities in the new system in the future.”

Numen Cyber distinguishes itself from typical Web3 security companies by emphasizing the need for advanced security capabilities, specifically focusing on OS-level security attack and defense capabilities. Their products and services offer state-of-the-art solutions to address the unique security challenges of Web3.
