16 matches found
Win32k ConsoleControl Offset Confusion / Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Win32k ConsoleControl Offset Confusion', 'Description' = %q A vulnerability exists within win32k that can be leveraged by an attacker to escalate...
Win32k ConsoleControl Offset Confusion / Privilege Escalation Exploit
A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This...
Win32k ConsoleControl Offset Confusion
A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This...
Exploit for Out-of-bounds Write in Microsoft
CVE-2022-21882 Win32k Elevation Of Privileges Techn...
CISA Orders Federal Agencies to Fix Actively Exploited Windows Bug
CISA is putting the thumbscrews on federal agencies to get them to patch an actively exploited Windows vulnerability. On Friday, the U.S. Cybersecurity and Infrastructure Security Agency CISA announced that it added the vulnerability – tracked as CVE-2022-21882 and with a CVSS criticality rating ...
CISA Orders Federal Agencies to Patch Actively Exploited Windows Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency CISA is urging federal agencies to secure their systems against an actively exploited security vulnerability in Windows that could be abused to gain elevated permissions on affected hosts. To that end, the agency has added CVE-2022-21882...
Exploit for Out-of-bounds Write in Microsoft
cve-2022-21882-poc lpe poc...
Exploit for Out-of-bounds Write in Microsoft
CVE-2022-21882 win32k LPE bypass CVE-2021-1732 Test - only...
Public Exploit Released for Windows 10 Bug
Security teams might have skipped January’s Patch Tuesday after reports of it breaking servers, but it also included a patch for a privilege-escalation bug in Windows 10 that leaves unpatched systems open to malicious actors looking for administrative access. It’s a bug that now has a...
CVE-2022-21882
creationtimestamp| type| source ---|---|--- 2022-01-28 12:07:13+00:00| seen| https://t.me/CyberSecurityTechnologies/5293 2022-01-30 09:43:14+00:00| published-proof-of-concept| https://t.me/cyberbannewsir/4980 2022-01-30 09:45:57+00:00| published-proof-of-concept| https://t.me/habrcomnews/3088...
CVE-2022-21882
Win32k Elevation of Privilege Vulnerability...
CVE-2022-21882 Win32k Elevation of Privilege Vulnerability
...
CVE-2022-21882
CVE-2022-21882 is a Windows Win32k local privilege-escalation vulnerability. It arises when an incomplete patch for CVE-2021-1732 leaves a bypass path that lets attackers trigger the vulnerability via a manipulated user-callback flow in Win32k, enabling a full compromise of the affected process. ...
Microsoft Windows Win32k Elevation of Privilege (CVE-2022-21882)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2022-21882
Win32k Elevation of Privilege Vulnerability Recent assessments: gwillcox-r7 at January 18, 2022 4:35pm UTC reported: Looks like this is a LPE in win32k that is being exploited in the wild according to Microsoft to let attackers escalate their privileges to SYSTEM. Attack complexity on this is hig...
KB5009557: Windows 10 Version 1809 and Windows Server 2019 Security Update (January 2022)
The remote Windows host is missing security update 5009557. It is, therefore, affected by multiple vulnerabilities: - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. CVE-2022-21836 - A denial of service DoS vulnerabilit...