Microsoft Windows bindflt Driver Missing Authentication Privilege Escalation Vulnerability

ID ZDI-20-1365
Type zdi
Reporter whoami
Modified 2020-11-12T00:00:00


This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the bindflt.sys driver. A crafted request with an IOCTL of 0x220000 can perform remapping of directories. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.
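
The control code named above can be split into its CTL_CODE fields. The following is an added example, not part of the advisory and not Microsoft's code; the helper names and the two contrast codes are constructed. It shows only which handle access the I/O manager requires for a code and says nothing about the checks bindflt.sys performs internally.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* CTL_CODE layout: bits 31..16 device type, 15..14 required access,
 * 13..2 function number, 1..0 buffer transfer method. */
typedef struct {
    uint16_t device_type; /* 0x22 is FILE_DEVICE_UNKNOWN */
    uint8_t  access;      /* 0 FILE_ANY_ACCESS, 1 READ, 2 WRITE, 3 READ|WRITE */
    uint16_t function;
    uint8_t  method;      /* 0 BUFFERED, 1 IN_DIRECT, 2 OUT_DIRECT, 3 NEITHER */
} ioctl_fields;

static ioctl_fields ioctl_decode(uint32_t code)
{
    ioctl_fields f;
    f.device_type = (uint16_t)(code >> 16);
    f.access      = (uint8_t)((code >> 14) & 0x3u);
    f.function    = (uint16_t)((code >> 2) & 0xFFFu);
    f.method      = (uint8_t)(code & 0x3u);
    return f;
}

/* 0x220000 is the code from the advisory; the other two are constructed
 * for contrast (same device type, access field set to READ and WRITE). */
static const uint32_t SAMPLE_CODES[] = { 0x220000u, 0x224004u, 0x228008u };
#define SAMPLE_COUNT (sizeof SAMPLE_CODES / sizeof SAMPLE_CODES[0])

/* Driver-review helper: count codes the I/O manager will dispatch on a
 * handle opened with any access, i.e. where only the driver can say no. */
static size_t count_any_access(const uint32_t *codes, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (ioctl_decode(codes[i]).access == 0)
            hits++;
    return hits;
}

int main(void)
{
    static const char *acc[] = { "FILE_ANY_ACCESS", "FILE_READ_ACCESS",
                                 "FILE_WRITE_ACCESS", "READ|WRITE" };
    for (size_t i = 0; i < SAMPLE_COUNT; i++) {
        ioctl_fields f = ioctl_decode(SAMPLE_CODES[i]);
        printf("0x%06X dev=0x%02X func=%u method=%u access=%s\n",
               (unsigned)SAMPLE_CODES[i], (unsigned)f.device_type,
               (unsigned)f.function, (unsigned)f.method, acc[f.access]);
    }
    printf("codes needing a driver-side check: %zu\n",
           count_any_access(SAMPLE_CODES, SAMPLE_COUNT));
    return 0;
}
```

An access field of FILE_ANY_ACCESS means the I/O manager does not require read or write access on the handle, so any authorization for that request has to happen inside the driver.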