Ancillary Function Driver (AFD) For Winsock Privilege Escalation
Posted by deepcore on March 31, 2023 – 12:39 pm
A vulnerability exists in the Windows Ancillary Function Driver for Winsock (afd.sys) can be leveraged by an attacker to escalate privileges to those of NT AUTHORITYSYSTEM. Due to a flaw in AfdNotifyRemoveIoCompletion, it is possible to create an arbitrary kernel Write-Where primitive, which can be used to manipulate internal I/O ring structures and achieve local privilege escalation. This exploit only supports Windows 11 22H2 up to build 22621.963 (patched in January 2023 updates).
Post a reply
You must be logged in to post a comment.