Security News > 2020 > April > ‘Zombie’ Windows win32k bug reanimated by researcher

‘Zombie’ Windows win32k bug reanimated by researcher
2020-04-03 10:29

In a rare find, a researcher has unveiled dozens of related bugs in a core Windows API that could enable attackers to elevate their privileges in the operating system.

The bugs take advantage of a long-understood problem with win32k, which is the user interface kernel component in Windows.

The attacker, working in user mode, asks Windows to destroy the parent window that's running in kernel mode.

Windows can't do that until the parent window has finished everything it was doing in kernel mode, so instead it marks the parent for destruction when it's ready.

The bug uses a concept called zombie reloading to make changes to the zombie object before Windows removes it.


News URL

https://nakedsecurity.sophos.com/2020/04/03/zombie-windows-win32k-bug-reanimated-by-researcher/