A proof of concept that relates to a Win32k vulnerability that was patched in May’s “patch Tuesday” release has been released by security researchers:
The vulnerability is tracked as CVE-2023-29336 and was originally discovered by cybersecurity firm Avast. It was assigned a CVSS v3.1 severity rating of 7.8 as it allows low-privileged users to gain Windows SYSTEM privileges, the highest user mode privileges in Windows
Avast says they discovered the vulnerability after it was actively exploited as a zero-day in attacks. However, the company has declined to share further details with BleepingComputer, so it is unclear how it was abused.
To raise awareness about the actively exploited flaw, and the need to apply Windows security updates, CISA also published an alert and added it to its “Known Exploited Vulnerabilities” catalog.
Exactly a month after the patch became available, security analysts at Web3 cybersecurity firm Numen have now released full technical details on the CVE-2023-29336 flaw and a PoC exploit for Windows Server 2016.
To be clear, this is a threat to anyone running running Windows 8, 10 and Windows Server 2016. Windows 11 users appear to be immune.
Joe Saunders, CEO, RunSafe Security had this comment on this bug:
“We need to pursue ways to protect HEAP and STACK from attacks through memory safety techniques. About 60% of known memory vulns have active exploits available, but it pays to address the entire class of vulns through memory safety as opposed to chasing each one, vuln by vuln with patch by patch.”
To protect yourself from this vulnerability, your best course of action is to make sure your Windows systems are fully patched. At least until the next vulnerability appears.
Like this:
Like Loading...
Related
This entry was posted on June 10, 2023 at 8:15 am and is filed under Commentary with tags Avast. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
PoC Released For Windows Win32k Bug That Was Exploited In Attacks
A proof of concept that relates to a Win32k vulnerability that was patched in May’s “patch Tuesday” release has been released by security researchers:
The vulnerability is tracked as CVE-2023-29336 and was originally discovered by cybersecurity firm Avast. It was assigned a CVSS v3.1 severity rating of 7.8 as it allows low-privileged users to gain Windows SYSTEM privileges, the highest user mode privileges in Windows
Avast says they discovered the vulnerability after it was actively exploited as a zero-day in attacks. However, the company has declined to share further details with BleepingComputer, so it is unclear how it was abused.
To raise awareness about the actively exploited flaw, and the need to apply Windows security updates, CISA also published an alert and added it to its “Known Exploited Vulnerabilities” catalog.
Exactly a month after the patch became available, security analysts at Web3 cybersecurity firm Numen have now released full technical details on the CVE-2023-29336 flaw and a PoC exploit for Windows Server 2016.
To be clear, this is a threat to anyone running running Windows 8, 10 and Windows Server 2016. Windows 11 users appear to be immune.
Joe Saunders, CEO, RunSafe Security had this comment on this bug:
“We need to pursue ways to protect HEAP and STACK from attacks through memory safety techniques. About 60% of known memory vulns have active exploits available, but it pays to address the entire class of vulns through memory safety as opposed to chasing each one, vuln by vuln with patch by patch.”
To protect yourself from this vulnerability, your best course of action is to make sure your Windows systems are fully patched. At least until the next vulnerability appears.
Share this:
Like this:
Related
This entry was posted on June 10, 2023 at 8:15 am and is filed under Commentary with tags Avast. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.