all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Exploiting a Flaw in Bitmap Handling in Windows User-Mode Printer Drivers

Add to bookmarks
Aug. 2, 2023, 4:09 p.m. | Guest Blogger

Zero Day Initiative - Blog www.zerodayinitiative.com

In this guest blog from researcher Marcin Wiązowski, he details CVE-2023-21822 – a Use-After-Free (UAF) in win32kfull that could lead to a privilege escalation. The bug was reported through the ZDI program and later patched by Microsoft. Marcin has graciously provided this detailed write-up of the vulnerability, examines how it could be exploited, and a look at the patch Microsoft released to address the bug.


In the Windows kernel, there are three APIs intended for general use by device drivers …

blog blog post bug cve drivers escalation exploiting flaw free guest blog handling microsoft mode printer privilege privilege escalation program researcher uaf use-after-free vulnerability windows write-up zdi

Visit resource

More from www.zerodayinitiative.com / Zero Day Initiative - Blog

CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud 2 days, 17 hours ago | www.zerodayinitiative.com
abusing blog blog post bug +23
MindShaRE: Decapping Chips for Electromagnetic Fault Injection (EMFI) 1 week, 2 days ago | www.zerodayinitiative.com
attack automotive blog blog post +12
The May 2024 Security Update Review 2 weeks, 4 days ago | www.zerodayinitiative.com
adobe blog post can check +16
CVE-2024-21115: An Oracle VirtualBox LPE Used to Win Pwn2Own 3 weeks, 2 days ago | www.zerodayinitiative.com
april blog blog post bug +18
CVE-2024-2887: A Pwn2Own Winning Bug in Google Chrome 4 weeks, 2 days ago | www.zerodayinitiative.com
blog blog post browsers bug +20
CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability 1 month, 2 weeks ago | www.zerodayinitiative.com
amp blog post bug code +25
The April 2024 Security Updates Review 1 month, 3 weeks ago | www.zerodayinitiative.com
adobe april blog post can +12
Pwn2Own Vancouver 2024 - Day Two Results 2 months, 1 week ago | www.zerodayinitiative.com
blog post chrome edge event +10
Pwn2Own Vancouver 2024 - Day One Results 2 months, 1 week ago | www.zerodayinitiative.com
blog blog post browser day one +11

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com