Researchers have found more ways to exploit versions of Windows 10


Cybersecurity researchers from Numen have found more ways to exploit older versions of Windows 10.

Earlier this week, the company’s experts published a proof-of-concept (PoC) exploit for a flaw known to be used by threat actors in the wild. The vulnerability is tracked as CVE-2023-29336, and carries a severity rating of 7.8. 

Threat actors abusing it can elevate low-privilege users to SYSTEM privileges, granting them the ability to run arbitrary code on target endpoints. It affects the Win32k subsystem, which handles the communication between input hardware and components such as screen output and graphics.

Older versions affected

The flaw was initially discovered by researchers from Avast, which said hackers used it in zero-day attacks. Now, Numen’s PoC shows how the exploit can be leveraged in Windows Server 2016, too. 

Older versions of Windows 10, Windows Server, and Windows 8 are vulnerable, while newer versions, such as Windows 11, are said to be immune.

Microsoft patched the vulnerability last month, with the May 2023 Patch Tuesday cumulative update.

"While this vulnerability seems to be non-exploitable on the Win11 system version, it poses a significant risk to earlier systems," Numen said. "Exploitation of such vulnerabilities has a notorious track record." The researchers argue that it doesn’t take a highly experienced hacker to leverage the flaw either.

IT teams worried about being targeted through this flaw should keep a close eye on offset reads and writes in memory, or related window objects, for anything out of the ordinary. That, the researchers say, is one of the biggest indicators of compromise in this case, and suggests local privilege escalation.

"Apart from diligently exploring different methods to gain control over the first write operation using the reoccupied data from freed memory, there is typically no need for novel exploitation techniques," reads the report.

IT teams are advised to apply Microsoft’s patch as soon as possible.

Via: BleepingComputer

Sead Fadilpašić
