Windows Vulnerability allows for privilege escalation from a new public exploit

Overview

Security researchers have discovered a new exploit that allows privilege escalation on Windows operating systems via the Win32k.sys driver. While the publication of the exploit, and the patch to remediate it, are new, the vulnerability was first identified 2 years ago by a different security researcher.

Impact

Successful exploitation of the bug allows admin privileges to be gained.

Affected Products

– Windows 10
– Windows Server 2019 and 2022
– Windows 11

Vulnerability Detection

N/A

Containment, Mitigations & Remediations

Apply the January 2022 security updates.

Indicators of Compromise

There are currently no IOCs.

Threat Landscape

The security researcher (RyeLv) has made his proof-of-concept exploit public following Microsoft's provision of a patch for impacted systems. However, many system administrators delayed deploying the January 2022 patch set because of a number of operational issues being reported. This may leave even normally well-patched devices susceptible to compromise via this vulnerability.

The earlier reporting (and potential remediation) of this vulnerability has been attributed to the reduced bug bounties that Microsoft has been offering to researchers.

MITRE Mapping

T1068 – Exploitation for Privilege Escalation

Further Information

Windows vulnerability with new public exploits lets you become admin

Expert releases PoC for CVE-2022-21882 Windows local privilege elevation issue

Win32k Elevation of Privilege Vulnerability – CVE-2022-21882