
3872 matches found

Check Point Advisories
added 2017/10/10 12:0 a.m., 4 views

Microsoft Win32k Elevation of Privilege (CVE-2017-8694)

An elevation of privilege vulnerability exists in Windows Kernel-Mode Driver. The vulnerability is due to an error in the way Microsoft Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kern...

6.9 CVSS, 7.8 AI score, 0.01149 EPSS
Exploits: 0
Symantec
added 2017/10/10 12:0 a.m., 32 views

Microsoft Windows Kernel CVE-2017-11817 Local Information Disclosure Vulnerability

Description: Microsoft Windows is prone to a local information-disclosure vulnerability. An attacker can leverage this issue to disclose sensitive information that may aid in further attacks. Technologies Affected: Microsoft Windows 10 Version 1607 for 32-bit Systems, Microsoft Windows 10 Version 16...

1.9 CVSS, 1.3 AI score, 0.02091 EPSS
Exploits: 1, Affected Software: 3
Kaspersky
added 2017/10/10 12:0 a.m., 190 views

KLA11111 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain privileges, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A remote cod...

10 CVSS, 9.4 AI score, 0.64132 EPSS
Exploits: 14, References: 51
GoogleProjectZero
added 2017/10/05 12:0 a.m., 55 views

Using Binary Diffing to Discover Windows Kernel Memory Disclosure Bugs

Posted by Mateusz Jurczyk of Google Project Zero. Patch diffing is a common technique of comparing two binary builds of the same code – a known-vulnerable one and one containing a security fix. It is often used to determine the technical details behind ambiguously-worded bulletins, and to establis...

5.5 CVSS, 6 AI score, 0.0427 EPSS
Exploits: 6
0day.today
added 2017/09/18 12:0 a.m., 95 views

Microsoft Windows Kernel - win32k.sys TTF Font Processing - Out-of-Bounds Reads/Writes with Malforme

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1273 We have encountered a number of Windows kernel crashes in the win32k.sys driver while processing corrupted TTF font files. The most frequent one occurring for the bug reported...

9.3 CVSS, 7.2 AI score, 0.49765 EPSS
Exploits: 2
0day.today
added 2017/09/18 12:0 a.m., 55 views

Microsoft Windows Kernel - win32k!NtGdiGetGlyphOutline Pool Memory Disclosure Exploit

Exploit for windows platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1267&desc=2 We have discovered that the win32k!NtGdiGetGlyphOutline system call handler may disclose large portions of uninitialized pool memory to user-mode clients. The functio...

2.1 CVSS, 6.2 AI score, 0.0423 EPSS
Exploits: 2
exploitpack
added 2017/09/18 12:0 a.m., 14 views

Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Reads/Writes with Malformed fpgm table win32k!bGeneratePath (Denial of Service)

Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Reads/Writes with Malformed fpgm table win32k!bGeneratePath Denial of Service. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1273 We have encountered a number of Windows kernel crashes in the win32k.sys...

7.4 AI score
Exploits: 0
exploitpack
added 2017/09/18 12:0 a.m., 14 views

Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed glyf Table win32k!fsc_CalcGrayRow (Denial of Service)

Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed glyf Table win32k!fsc_CalcGrayRow Denial of Service. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1274 We have encountered a number of Windows kernel crashes in the win32k.sys driver...

Exploits: 0
exploitpack
added 2017/09/18 12:0 a.m., 13 views

Microsoft Windows Kernel - win32k!NtGdiGetFontResourceInfoInternalW Stack Memory Disclosure

Microsoft Windows Kernel - win32k!NtGdiGetFontResourceInfoInternalW Stack Memory Disclosure. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1275 We have discovered that the nt!NtGdiGetFontResourceInfoInternalW system call discloses portions of uninitialized kernel stack memory...

7.4 AI score
Exploits: 0
exploitpack
added 2017/09/18 12:0 a.m., 10 views

Microsoft Windows Kernel - win32k!NtGdiGetGlyphOutline Pool Memory Disclosure

Microsoft Windows Kernel - win32k!NtGdiGetGlyphOutline Pool Memory Disclosure. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1267&desc=2 We have discovered that the win32k!NtGdiGetGlyphOutline system call handler may disclose large portions of uninitialized pool memory to...

7.4 AI score
Exploits: 0
0day.today
added 2017/09/18 12:0 a.m., 68 views

Microsoft Windows Kernel - nt!NtSetIoCompletion / nt!NtRemoveIoCompletion Pool Memory Disclosure

Exploit for windows platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1269 We have discovered that the nt!NtRemoveIoCompletion system call handler discloses 4 bytes of uninitialized pool memory to user-mode clients on 64-bit platforms. The bug...

1.9 CVSS, 6.9 AI score, 0.03677 EPSS
Exploits: 2
Exploit DB
added 2017/09/18 12:0 a.m., 56 views

Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table 'win32k!bGeneratePath' (Denial of Service)

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1273 We have encountered a number of Windows kernel crashes in the win32k.sys driver while processing corrupted TTF font files. The most frequent one occurring for the bug reported here is as follows: --- PAGE_FAULT_IN_NONPAGED_AREA 50...

7.4 AI score
Exploits: 0
Exploit DB
added 2017/09/18 12:0 a.m., 40 views

Microsoft Windows Kernel - 'win32k!NtGdiGetPhysicalMonitorDescription' Stack Memory Disclosure

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1268 We have discovered that the nt!NtGdiGetPhysicalMonitorDescription system call discloses portions of uninitialized kernel stack memory to user-mode clients, on Windows 7 to Windows 10. This is caused by the fact that the...

7.4 AI score
Exploits: 0
Exploit DB
added 2017/09/18 12:0 a.m., 41 views

Microsoft Windows Kernel - 'win32k!NtGdiGetGlyphOutline' Pool Memory Disclosure

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1267&desc=2 We have discovered that the win32k!NtGdiGetGlyphOutline system call handler may disclose large portions of uninitialized pool memory to user-mode clients. The function first allocates memory using...

7.4 AI score
Exploits: 0
Exploit DB
added 2017/09/18 12:0 a.m., 60 views

Microsoft Windows Kernel - 'win32k!NtGdiEngCreatePalette' Stack Memory Disclosure

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1276&desc=2 We have discovered that the nt!NtGdiEngCreatePalette system call discloses large portions of uninitialized kernel stack memory to user-mode clients. This is caused by the fact that for palettes created in the PALINDEX...

7.4 AI score
Exploits: 0
OSV
added 2017/09/13 1:29 a.m., 2 views

CVE-2017-8719

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objec...

4.7 CVSS, 5.8 AI score, 0.03487 EPSS
Exploits: 0, References: 3
OSV
added 2017/09/13 1:29 a.m., 2 views

CVE-2017-8709

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objec...

4.7 CVSS, 5.8 AI score, 0.03487 EPSS
Exploits: 0, References: 3
OSV
added 2017/09/13 1:29 a.m., 0 views

CVE-2017-8680

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure...

5.5 CVSS, 5.8 AI score, 0.0423 EPSS
Exploits: 2, References: 4
OSV
added 2017/09/13 1:29 a.m., 1 views

CVE-2017-8687

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objec...

5.5 CVSS, 5.8 AI score, 0.0423 EPSS
Exploits: 2, References: 4
OSV
added 2017/09/13 1:29 a.m., 1 views

CVE-2017-8708

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objec...

4.7 CVSS, 5.8 AI score, 0.03677 EPSS
Exploits: 2, References: 4