Security researchers have discovered a new exploit that allows privilege escalation on Windows operating systems via the Win32k.sys driver. While the publication of the exploit, and the patch to remediate it, are new, the vulnerability was first identified 2 years ago by a different security researcher.
Successful exploitation of the bug allows admin privileges to be gained.
– Windows 10
– Windows Server 2019 and 2022
– Windows 11
Containment, Mitigations & Remediations
Apply the January 2022 Security updates
Indicators of Compromise
There are currently no IOCs
The security researcher (RyeLv) made his proof-of-concept exploit public after Microsoft provided a patch for impacted systems. However, many system administrators delayed deploying the January 2022 patch set because of a number of reported operational issues. This may leave even normally well-patched devices susceptible to compromise via this vulnerability.
The earlier reporting (and potential remediation) of this vulnerability has been attributed to the reduced bug bounties that Microsoft has been offering to researchers.
T1068 – Exploitation for Privilege Escalation