Exploiting ‘Win32k.sys Elevation of Privilege Vulnerability’ on Windows 8.1

/* George Chetcuti*/ /*">George Chetcuti*/ /*George Chetcuti*/ Posted On November 6, 2014
0
62 Views


The vulnerability exists due to a missing return value check within the win32k.sys driver. This driver is responsible for the kernel-mode part of the Windows subsystem. It handles window management and provides the Graphics Device Interface (GDI) among other things. The results of the analysis show that even with the presence of protection mechanisms like SMEP, with full control over a moderately large kernel structure there are enough possibilities to trigger a simple memory corruption in order to achieve the desired goal and be able to escalate privileges without overwriting any function pointers or executing any shell code at all.

Read the full analysis here - http://dl.packetstormsecurity.net/papers/attack/CVE-2014-4113.pdf

Post Views: 62


Home » Blog Archive » WN Blogs » George Chetcuti Blog » Exploiting ‘Win32k.sys Elevation of Privilege Vulnerability’ on Windows 8.1

Author

George Chetcuti




Leave A Reply

Leave a Reply

Your email address will not be published.

  • Join Our Newsletter

    Learn about the latest security threats, system optimization tricks, and the hottest new technologies in the industry.

    Over 1,000,000 fellow IT Pros are already on-board, don't be left out!


You are reading
Exploiting ‘Win32k.sys Elevation of Privilege Vulnerability’ on Windows 8.1
Share No Comment