Information has become available on a Microsoft Windows security hole that is now being actively exploited and may be leveraged by a threat actor to escalate their privileges on impacted devices.
The Windows vulnerability, CVE-2023-29336, has a severity rating of 7.8 and relates to a flaw that elevates privileges in the Win32k component.
In a security warning released as part of Patch Tuesday updates last month, Microsoft revealed that an attacker who was successful in exploiting this vulnerability may obtain SYSTEM capabilities.
Jan Vojtek, Milánek, and Luigino Camastra, researchers with Avast, are credited with finding and reporting the problem.
The administration of Windows and GUIs is handled by Win32k.sys, a kernel-mode driver that is a crucial component of the Windows design.
Numen Cyber has dismantled the Microsoft patch to create a proof-of-concept (PoC) exploit for Windows Server 2016, despite the fact that the specifics of in-the-wild usage of the weakness are now unknown.
The Singapore-based cybersecurity firm said that in order to finally get a read-write primitive, the vulnerability depended on the exposed kernel handle location in the heap memory.
Win32k’s faults are well-known throughout history, claims Numen Cyber. In the most current Windows 11 preview, Microsoft attempted to utilize Rust to rebuild this section of the kernel code.
This may make the new system’s vulnerabilities obsolete in the future.