Subscribe via feed.

Ancillary Function Driver (AFD) For Winsock Privilege Escalation

Posted by deepcore on March 31, 2023 – 12:39 pm

A vulnerability exists in the Windows Ancillary Function Driver for Winsock (afd.sys) can be leveraged by an attacker to escalate privileges to those of NT AUTHORITYSYSTEM. Due to a flaw in AfdNotifyRemoveIoCompletion, it is possible to create an arbitrary kernel Write-Where primitive, which can be used to manipulate internal I/O ring structures and achieve local privilege escalation. This exploit only supports Windows 11 22H2 up to build 22621.963 (patched in January 2023 updates).


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.