Home / exploitsPDF  

Win32k ConsoleControl Offset Confusion / Privilege Escalation

Posted on 28 February 2022

A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITYSYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This can be leveraged to achieve an out of bounds write operation, eventually leading to privilege escalation. This flaw was originally identified as CVE-2021-1732 and was patched by Microsoft on February 9th, 2021. In early 2022, a technique to bypass the patch was identified and assigned CVE-2022-21882. The root cause is is the same for both vulnerabilities. This exploit combines the patch bypass with the original exploit to function on a wider range of Windows 10 targets.

 

TOP