Win32k ConsoleControl Offset Confusion / Privilege Escalation

Posted by deepcore on March 1, 2022 – 5:52 pm

A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITYSYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This can be leveraged to achieve an out of bounds write operation, eventually leading to privilege escalation. This flaw was originally identified as CVE-2021-1732 and was patched by Microsoft on February 9th, 2021. In early 2022, a technique to bypass the patch was identified and assigned CVE-2022-21882. The root cause is is the same for both vulnerabilities. This exploit combines the patch bypass with the original exploit to function on a wider range of Windows 10 targets.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« [remote] WAGO 750-8212 PFC200 G2 2ETH RS – Privilege Escalation Axis IP Camera Shell Upload »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Win32k ConsoleControl Offset Confusion / Privilege Escalation

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL