Cyber Security

Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation

Jun 08, 2023Ravie LakshmananEndpoint Security / Zero-Day

Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems.

The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k component.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft disclosed in an advisory issued last month as part of Patch Tuesday updates.

Avast researchers Jan Vojtěšek, Milánek, and Luigino Camastra were credited with discovering and reporting the flaw.

Win32k.sys is a kernel-mode driver and an integral part of the Windows architecture, being responsible for graphical device interface (GUI) and window management.

While the exact specifics surrounding in-the-wild abuse of the flaw is presently not known, Numen Cyber has deconstructed the patch released by Microsoft to craft a proof-of-concept (PoC) exploit for Windows Server 2016.

The Singapore-based cybersecurity company said the vulnerability relied on the leaked kernel handle address in the heap memory to ultimately obtain a read-write primitive.

“Win32k vulnerabilities are well-known in history,” Numen Cyber said. “However, in the latest Windows 11 preview version, Microsoft has attempted to refactor this part of the kernel code using Rust. This may eliminate such vulnerabilities in the new system in the future.”

Numen Cyber distinguishes itself from typical Web3 security companies by emphasizing the need for advanced security capabilities, specifically focusing on OS-level security attack and defense capabilities. Their products and services offer state-of-the-art solutions to address the unique security challenges of Web3.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Articles You May Like

Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors
Apple 3nm Chip Demand for 2024 to Be Below Expectations Amid Declining iPad, MacBook Demand: Ming-Chi Kuo
Meta Used Public Instagram, Facebook Posts to Train Its New AI Assistant
Apple Car Unlikely to Go Into Mass Production in Next Few Years: Ming-Chu Kuo
FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies