Cybersecurity researchers from Numen have found more ways to exploit older versions of Windows 10.
Earlier this week, the company’s experts published a proof-of-concept (PoC) exploit for a flaw known to be used by threat actors in the wild. The vulnerability is tracked as CVE-2023-29336, and carries a severity rating of 7.8.
Threat actors abusing it can elevate low-privilege users to SYSTEM privileges, granting them the ability to run arbitrary code on target endpoints. It affects the Win32k subsystem, which handles the communication between input hardware and components such as screen output and graphics.
Older versions affected
The flaw was initially discovered by researchers from Avast, which said hackers used it in zero-day attacks. Now, Numen’s PoC shows how the exploit can be leveraged in Windows Server 2016, too.
Microsoft patched the vulnerability last month, with the May 2023 Patch Tuesday cumulative update.
"While this vulnerability seems to be non-exploitable on the Win11 system version, it poses a significant risk to earlier systems," Numen said. "Exploitation of such vulnerabilities has a notorious track record." The researchers argue that it doesn’t take a highly experienced hacker to leverage the flaw either.
IT teams worried about being targeted through this flaw should watch for anything out of the ordinary in offset reads and writes in memory, or in related window objects. That, the researchers say, is one of the biggest indicators of compromise in this case, and suggests local privilege escalation.
"Apart from diligently exploring different methods to gain control over the first write operation using the reoccupied data from freed memory, there is typically no need for novel exploitation techniques," reads the report.
IT teams are advised to apply Microsoft’s patch as soon as possible.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.