PoC released for Windows Win32k bug exploited in attacks

From bleepingcomputer.com

Researchers have released a proof-of-concept (PoC) exploit for an actively exploited Windows local privilege escalation vulnerability fixed as part of the May 2023 Patch Tuesday.

The Win32k subsystem (Win32k.sys kernel driver) manages the operating system’s window manager, screen output, input, and graphics, and acts as an interface between various types of input hardware.

As such, exploiting these types of vulnerabilities tends to provide elevated privileges or code execution.

The vulnerability is tracked as CVE-2023-29336 and was originally discovered by cybersecurity firm Avast. It was assigned a CVSS v3.1 severity rating of 7.8 as it allows low-privileged users to gain Windows SYSTEM privileges, the highest user mode privileges in Windows

Avast says they discovered the vulnerability after it was actively exploited as a zero-day in attacks. However, the company has declined to share further details with BleepingComputer, so it is unclear how it was abused.

Read more…