{"id":15304,"date":"2023-06-14T10:05:17","date_gmt":"2023-06-14T10:05:17","guid":{"rendered":"https:\/\/gridinsoft.com\/blogs\/?p=15304"},"modified":"2023-06-15T10:19:40","modified_gmt":"2023-06-15T10:19:40","slug":"poc-exploit-for-a-vulnerability-in-win32k","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/poc-exploit-for-a-vulnerability-in-win32k\/","title":{"rendered":"Information Security Experts Published a PoC Exploit for a Vulnerability in Win32k"},"content":{"rendered":"

Information security experts have published a PoC exploit for a privilege escalation vulnerability in the Win32k driver that was fixed in May.<\/h4>\n<\/p>\n

Let me remind you that this bug received the identifier CVE-2023-29336<\/a><\/strong> (7.8 points on the CVSS scale) and was discovered by Avast<\/strong> researchers. CVE-2023-29336<\/strong> has been reported to affect systems running Windows 10<\/strong> and Windows Server 2008, 2012, and 2016.<\/p>\n

An attacker who successfully exploited this vulnerability could gain SYSTEM-level privileges.Microsoft<\/strong> said in a statement.<\/span><\/div><\/div>\n

Back in May, Avast specialists warned that they had already recorded attacks on CVE-2023-29336<\/strong>, but nothing concrete was reported about them.<\/p>\n

We also wrote that Exploits for Vulnerabilities in Three Popular WordPress<\/strong> Plugins Appeared on the Network<\/a>, and also that Thousands of GitHub<\/strong> Repositories Spread Malware That Is Disguised as Exploits<\/a>.<\/p>\n

Also the information security specialists pointed out that A PoC Exploit Is Already Available for a Critical RCE Problem in Fortinet<\/strong> Products<\/a>.<\/p>\n

In turn, the US Cybersecurity and Infrastructure Security Agency (CISA<\/strong>) added this issue to its catalog of known exploitable vulnerabilities (KEV<\/a><\/strong>), and urged organizations to install patches by May 30, 2023.<\/p>\n

Now, a month after the release of the patch, analysts from Numen<\/strong> have published full technical information about the vulnerability<\/a>, as well as a PoC exploit for Windows Server 2016.<\/p>\n

Experts say that although the vulnerability is not suitable for attacks on Windows 11, it poses a significant risk to older versions of the OS, including older versions of Windows 10, Windows Server and Windows 8.<\/p>\n

In their report, the researchers explain that they experimented with various memory manipulation techniques, exploit triggers, and memory read\/write functions, which ultimately helped them create a working exploit that provides reliable privilege escalation to the SYSTEM level.<\/p>\n

A demonstration of the exploit is shown in the video below.<\/p>\n