Windows Vulnerability allows for privilege escalation from a new public exploit
Overview
Security researchers have discovered a new exploit that allows privilege escalation on Windows operating systems via the Win32k.sys driver. While the publication of the exploit, and the patch to remediate it, are new, the vulnerability was first identified 2 years ago by a different security researcher.
Impact
Successful exploitation of the bug allows admin privileges to be gained.
Affected Products
– Windows 10
– Windows Server 2019 and 2022
– Windows 11
Vulnerability Detection
N/A
Containment, Mitigations & Remediations
Apply the January 2022 Security updates
Indicators of Compromise
There are currently no IOCs
Threat Landscape
The security researcher (RyeLv) has made his proof-of-concept exploit public following Microsoft's provision of a patch for impacted systems. However, many system administrators delayed deploying the January 2022 patch set because of a number of reported operational issues. This may leave even normally well-patched devices susceptible to compromise via this vulnerability.
The earlier reporting (and potential remediation) of this vulnerability has been attributed to the reduced bug bounties that Microsoft has been offering to researchers.
Mitre Mapping
T1068 – Exploitation for Privilege Escalation
Further Information
Windows vulnerability with new public exploits lets you become admin
Expert releases PoC for CVE-2022-21882 Windows local privilege elevation issue
Win32k Elevation of Privilege Vulnerability – CVE-2022-21882