Details have emerged about a now actively exploited security flaw in Microsoft Windows that could be abused by threat actors to gain elevated privileges on affected systems.
The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k component.
“An attacker who successfully exploits this vulnerability may gain SYSTEM privileges,” Microsoft revealed in an advisory issued last month as part of its Patch Tuesday update.
Avast researchers Jan Vojtěšek, Milánek, and Luigino Camastra are credited with finding and reporting the flaw.
Win32k.sys is a kernel mode driver and an integral part of the Windows architecture, responsible for the graphical device interface (GUI) and window management.
While the exact details surrounding the abuse of the vulnerability are currently unknown, Numen Cyber has deconstructed the patch released by Microsoft to create a proof of concept (PoC) exploit for Windows Server 2016.
The Singapore-based cybersecurity firm said the vulnerability relied on leaking kernel handle addresses in the heap memory to eventually obtain read-write primitives.
“Win32k vulnerabilities are well-known in history,” said Numen Cyber. “However, in the latest preview builds of Windows 11, Microsoft has attempted to fix this part of the kernel code using Rust. This may eliminate such vulnerabilities in new systems in the future.”
Numen Cyber differentiates itself from typical Web3 security companies by emphasizing the need for advanced security capabilities, specifically focusing on OS level security attacks and defense capabilities. Their products and services offer state-of-the-art solutions to address Web3’s unique security challenges.