13 matches found
Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation
Exploit Title: Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation Exploit Details: https://xavibel.com/2025/12/22/using-vulnerable-drivers-in-red-team-exercises/ Date: 8/12/2025 Exploit Author: Xavi Beltran Vendor Homepage:...
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro. Qilin attacks analyzed by Talos have...
PT-2026-6023
🚨 KillChain Exploit: New CVE-2026-0828 Lets Attackers Terminate ANY Windows Process – Including Protected Services! + Video https://t.co/vJHOSzES6E Educational Purposes!...
EUVD-2025-23820
Malicious code in bioql PyPI...
Exploit for CVE-2025-7771
CVE-2025-7771 Minimal exploit to...
Exploit for CVE-2025-7771
CVE-2025-7771 – ThrottleStop.sys Privilege Escalation Vuln...
CVE-2025-7771
ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke...
CVE-2025-7771
ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke...
Driver of destruction: How a legitimate driver is being used to take down AV processes
Introduction: In a recent incident response case in Brazil, we spotted intriguing new antivirus (AV) killer software that has been circulating in the wild since at least October 2024. This malicious artifact abuses the ThrottleStop.sys driver, delivered together with the malware, to terminate numero...
CVE-2025-7771 Code Execution / Escalation of Privileges in ThrottleStop
ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke...
CVE-2025-7771 Code Execution / Escalation of Privileges in ThrottleStop
ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke...
TechPowerUp ThrottleStop Security Vulnerability
TechPowerUp ThrottleStop is a software for monitoring and tuning CPU performance from TechPowerUp, Inc. A security vulnerability exists in TechPowerUp ThrottleStop version 3.0.0.0 that originates from allowing physical memory reads and writes, which could result in elevated privileges...
PT-2025-32145
Name of the Vulnerable Software and Affected Versions: ThrottleStop versions 3.0.0.0 and possibly others; ThrottleStop.sys affected versions not specified. Description: The ThrottleStop.sys driver contains a flaw related to insecure implementation of IOCTL interfaces, specifically with the MmMapIoSpa...