Security Experts Highlight Exploit for Patched Windows Flaw

Security researchers have discovered and released details about an actively exploited Microsoft Windows security flaw that could allow threat actors to gain elevated privileges on affected systems. 

Tracked as CVE-2023-29336 and carrying a CVSS severity score of 7.8, the vulnerability is an elevation of privilege bug in the Win32k component of Windows. Microsoft released a patch for the flaw as part of the May 2023 Patch Tuesday update.

Although the exact details of the in-the-wild exploitation remain unknown, cybersecurity firm Numen Cyber has deconstructed the patch released by Microsoft and created a proof-of-concept (PoC) exploit for Windows Server 2016.

In its advisory, Numen Cyber highlighted that Win32k vulnerabilities have a history. Microsoft has attempted to refactor this part of the kernel code using Rust in the latest Windows 11 preview version, which may eliminate such vulnerabilities in the future.

The vulnerability allows low-privileged users to obtain SYSTEM privileges, the highest user mode privileges in Windows. Cybersecurity firm Avast was first credited with discovering the flaw, revealing that it was actively exploited as a zero-day in attacks.

This week, Numen Cyber warned that exploiting this vulnerability does not require novel techniques and heavily relies on leaked desktop heap handle addresses. Therefore, older systems remain at risk if this issue is not addressed thoroughly.

“While this vulnerability seems to be non-exploitable on the Win11 system version, it poses a significant risk to earlier systems,” reads the technical write-up.

System administrators are advised to be vigilant for abnormal offset reads and writes in memory, or reads and writes related to window objects, as they may indicate active exploitation of CVE-2023-29336 for local privilege escalation.

Additional vulnerabilities potentially allowing attackers to gain elevated privileges were recently discovered in the popular graphics debugger RenderDoc.
