The Hacker News reports that a proof-of-concept exploit for an actively exploited high-severity Win32k driver vulnerability, tracked as CVE-2023-29336, has been developed by Numen Cyber researchers who studied the fix issued by Microsoft as part of last month's Patch Tuesday updates.
Such a flaw in the Win32k.sys kernel-mode driver which was identified and reported by Avast security researchers Luigino Camastra, Milanek, and Jan Vojtesek, and could be leveraged by threat actors to secure SYSTEM privileges on compromised systems was dependent on the heap memory's exposed kernel handle address to enable read-write primitive acquisition, according to the Numen Cyber study.
"Win32k vulnerabilities are well-known in history. However, in the latest Windows 11 preview version, Microsoft has attempted to refactor this part of the kernel code using Rust. This may eliminate such vulnerabilities in the new system in the future," said Numen Cyber.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds