Details emerged that a security flaw in currently patched Microsoft Windows is being actively exploited and could be exploited by attackers on affected systems.
Vulnerabilities are tracked as CVE-2023-29336which is rated 7.8 severity and is related to a privilege escalation bug in the Win32k component.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said in an advisory issued last month as part of its Patch Tuesday updates.
Avast researchers Jan Vojtฤลกek, Milรกnek, and Luigino Camastra are credited with discovering and reporting the flaw.
Win32k.sys is a kernel-mode driver, an integral part of the Windows architecture, responsible for the graphical device interface (GUI) and window management.
Although the exact details regarding the actual exploitation of this flaw are unknown at this time, numen cyber I’ve taken apart a patch released by Microsoft to create a proof of concept (Demonstration experiment) Windows Server 2016 exploit.
The Singapore-based cybersecurity firm said the vulnerability relies on leaked kernel handle addresses in heap memory to ultimately obtain read and write primitives.
“Win32k vulnerabilities are well known throughout history,” said Numen Cyber. “However, in the latest Windows 11 preview version, Microsoft tried to refactor this part of the kernel code using Rust, which may eliminate such vulnerabilities in newer systems in the future. there is.”
Numen Cyber โโsets itself apart from other Web3 security companies by emphasizing the need for advanced security features, with a particular focus on OS-level security attack and defense capabilities. The company’s products and services provide state-of-the-art solutions that address Web3’s unique security challenges.
