Exploiting a Flaw in Bitmap Handling in Windows User-Mode Printer Drivers
Zero Day Initiative - Blog www.zerodayinitiative.com
In this guest blog, researcher Marcin Wiązowski details CVE-2023-21822 – a Use-After-Free (UAF) in win32kfull that could lead to a privilege escalation. The bug was reported through the ZDI program and later patched by Microsoft. Marcin has graciously provided this detailed write-up of the vulnerability, an examination of how it could be exploited, and a look at the patch Microsoft released to address the bug.
In the Windows kernel, there are three APIs intended for general use by device drivers …