
Win32k ConsoleControl Offset Confusion

Disclosed
Feb 9, 2021

Description

A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of
NT AUTHORITY\SYSTEM. The flaw lies in how the WndExtra field of a window can be manipulated into being
treated as an offset even though it holds an attacker-controlled value. This can be leveraged to
achieve an out-of-bounds write, eventually leading to privilege escalation.

This flaw was originally identified as CVE-2021-1732 and was patched by Microsoft on February 9th, 2021.
In early 2022, a technique to bypass the patch was identified and assigned CVE-2022-21882. The root cause
is the same for both vulnerabilities. This exploit combines the patch bypass with the original exploit to
function on a wider range of Windows 10 targets.
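The bug class described above, as an added illustration that is not part of this module or of win32k: a constructed, simplified window object (the struct layout, field names and `EXTRA_INLINE` flag are all assumptions, not the real tagWND) whose "extra bytes" location is either an offset into the object or a separate address. The unchecked resolver trusts a caller-controlled value as an offset; the hardened one insists the flag, the offset and the index all agree with the object's own bounds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* Constructed, simplified model of the bug class; NOT the real win32k tagWND
 * layout. The object owns a small inline "extra bytes" area whose location is
 * recorded either as an offset from the object start (inline storage) or as
 * an absolute address (separate storage), selected by a flag. */
#define EXTRA_INLINE 0x1u

struct model_window {
    uint32_t  flags;           /* EXTRA_INLINE set -> `extra` is an offset */
    uint32_t  extra_size;      /* number of extra bytes the object owns    */
    uintptr_t extra;           /* offset (inline) or address (separate)    */
    uint8_t   inline_area[32]; /* the inline storage itself                */
};

/* Vulnerable resolver: treats `extra` as an offset without checking that the
 * flag agrees or that the result stays inside the object, so a controlled
 * `extra` turns a bounded write into an out-of-bounds one. */
static uintptr_t resolve_extra_unchecked(const struct model_window *w, uint32_t i)
{
    return (uintptr_t)w + w->extra + i;
}

/* Hardened resolver: the flag must say the storage is inline, the offset must
 * name the object's own inline area, and the index must stay within bounds. */
static uintptr_t resolve_extra_checked(const struct model_window *w, uint32_t i)
{
    if (!(w->flags & EXTRA_INLINE)) return 0;
    if (w->extra != offsetof(struct model_window, inline_area)) return 0;
    if (w->extra_size > sizeof w->inline_area || i >= w->extra_size) return 0;
    return (uintptr_t)w + w->extra + i;
}

/* Scenario helpers: a benign object versus one whose `extra` was forged. */
static struct model_window make_window(uintptr_t extra)
{
    struct model_window w = { EXTRA_INLINE, 32, extra, {0} };
    return w;
}
bool checked_accepts_benign(void)
{
    struct model_window w = make_window(offsetof(struct model_window, inline_area));
    return resolve_extra_checked(&w, 31) != 0 && resolve_extra_checked(&w, 32) == 0;
}
bool checked_rejects_forged(void)
{
    struct model_window w = make_window(0x10000); /* forged "offset" value */
    return resolve_extra_checked(&w, 0) == 0;
}
bool unchecked_escapes_on_forged(void)
{
    struct model_window w = make_window(0x10000);
    uintptr_t t = resolve_extra_unchecked(&w, 0), s = (uintptr_t)&w;
    return t < s || t >= s + sizeof w; /* target lies outside the object */
}
```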