Exposed Win32k Windows Vulnerability, Researchers Share Proof-of-Concept Exploit
In a significant development, researchers have unveiled a proof-of-concept (PoC) exploit for a Windows local privilege escalation vulnerability. This particular flaw, which was recently patched as part of the May 2023 Patch Tuesday, was actively exploited by threat actors. Tracked as CVE-2023-29336, the vulnerability was initially discovered by cybersecurity firm Avast and was assigned a CVSS v3.1 severity rating of 7.8. By exploiting this vulnerability, low-privileged users could gain elevated Windows SYSTEM privileges, the highest user mode privileges in the Windows operating system.
Avast, the discoverer of the vulnerability, confirmed that it was actively exploited as a zero-day in attacks. However, the specific details of the exploitation remain undisclosed. To raise awareness about this actively exploited flaw and emphasize the importance of applying Windows security updates, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert and included it in its “Known Exploited Vulnerabilities” catalog.
Now, a month after the patch’s release, cybersecurity firm Numen has released comprehensive technical details regarding the CVE-2023-29336 vulnerability. Additionally, they have shared a PoC exploit specifically targeting Windows Server 2016. It is worth noting that Microsoft has stated that the vulnerability only affects older versions of Windows, such as older Windows 10 versions, Windows Server, and Windows 8, and does not impact Windows 11.
See Also: So you want to be a hacker?
Offensive Security, Bug Bounty Courses
Trending: Offensive Security Tool: Pyramid
To safeguard against this vulnerability and other critical issues, it is strongly recommended that all Windows users promptly apply the May 2023 patch. Notably, this patch addresses not only the aforementioned flaw but also two additional zero-day vulnerabilities that were actively exploited by hackers.
Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?
If you want to express your idea in an article contact us here for a quote: firstname.lastname@example.org
The post Exposed Win32k Windows Vulnerability, Researchers Share Proof-of-Concept Exploit first appeared on Black Hat Ethical Hacking.