
PoC released for Windows Win32k bug exploited in attacks
2023-06-08 20:51

Researchers have released a proof-of-concept exploit for an actively exploited Windows local privilege escalation vulnerability fixed as part of the May 2023 Patch Tuesday.

To raise awareness of the actively exploited flaw and of the need to apply the Windows security updates, CISA also published an alert and added the bug to its "Known Exploited Vulnerabilities" catalog.

Exactly a month after the patch became available, security analysts at Web3 cybersecurity firm Numen have now released full technical details on the CVE-2023-29336 flaw, together with a PoC exploit for Windows Server 2016.

Although the vulnerability is actively exploited, Microsoft says it affects only older versions of Windows: older Windows 10 versions, Windows Server, and Windows 8. Windows 11 is not affected.

By analyzing the vulnerability on Windows Server 2016, Numen's researchers found that the root cause is a missing reference lock: Win32k locks the window object but does not lock the nested menu object it references, which is what opens the door to the use-after-free condition.
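The locking mistake described above, modeled as an added example in C (this is not code from Numen's write-up or from Win32k itself): objects carry a lock count and are released when it drops to zero, the vulnerable handler locks the window but not the menu the window references, and the point at which the menu loses its last reference is represented by a simulated user-mode callback, which is an assumption of the model and not a detail from the page. The hardened variant takes the extra lock on the nested menu for as long as it is in use. The free is simulated with a flag so the use after free is visible instead of a crash.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not Win32k code: kernel objects carry a lock
 * count; dropping the last lock frees the object. The free is
 * simulated with a flag so a use after free can be observed. */
typedef struct kobj {
    const char *kind;    /* "window" or "menu" */
    int locks;           /* outstanding locks (references) */
    int freed;           /* set when the last lock is dropped */
    struct kobj *nested; /* window -> the menu it references */
} kobj_t;

static void lock_obj(kobj_t *o) { o->locks++; }

static void unlock_obj(kobj_t *o) {
    if (--o->locks == 0)
        o->freed = 1;    /* a real kernel would release the memory here */
}

/* Dereference that reports the bug instead of crashing: 1 on UAF. */
static int touch_obj(const kobj_t *o) { return o->freed ? 1 : 0; }

/* Simulated re-entry into user mode. That the attacker can drop the
 * menu's last reference from here is an assumption of the model. */
static void user_callback(kobj_t *menu) { unlock_obj(menu); }

/* Vulnerable pattern: only the window is locked across the callback,
 * so the nested menu can disappear while the handler still uses it. */
static int handler_vulnerable(kobj_t *win) {
    lock_obj(win);
    user_callback(win->nested);
    int uaf = touch_obj(win->nested);   /* menu may already be freed */
    unlock_obj(win);
    return uaf;
}

/* Hardened pattern: the nested menu is locked as well, so the
 * callback's unlock cannot take it to zero while it is in use. */
static int handler_hardened(kobj_t *win) {
    kobj_t *menu = win->nested;
    lock_obj(win);
    lock_obj(menu);
    user_callback(menu);
    int uaf = touch_obj(menu);          /* still alive: we hold a lock */
    unlock_obj(menu);
    unlock_obj(win);
    return uaf;
}

/* Constructed scenario: a window whose nested menu holds one lock. */
static void setup(kobj_t *win, kobj_t *menu) {
    memset(win, 0, sizeof *win);
    memset(menu, 0, sizeof *menu);
    win->kind = "window";
    menu->kind = "menu";
    win->nested = menu;
    win->locks = 1;   /* held by the caller's handle */
    menu->locks = 1;  /* the single reference owned by the window */
}

/* Returns 1 if the handler touched a freed menu, 0 otherwise. */
int run_vulnerable(void) { kobj_t w, m; setup(&w, &m); return handler_vulnerable(&w); }
int run_hardened(void)   { kobj_t w, m; setup(&w, &m); return handler_hardened(&w); }

int main(void) {
    printf("window-only lock: %s\n", run_vulnerable() ? "use after free" : "ok");
    printf("window+menu lock: %s\n", run_hardened()   ? "use after free" : "ok");
    return 0;
}
```

The fix is the same shape as the patch class for this kind of Win32k bug: every object a routine dereferences after a point where user mode can run must hold its own lock, not just the top-level object the caller passed in.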

It is recommended that all Windows users apply the May 2023 security update, which, apart from this flaw, fixed two more zero-day vulnerabilities that were actively exploited in attacks.


News URL

https://www.bleepingcomputer.com/news/security/poc-released-for-windows-win32k-bug-exploited-in-attacks/

Related Vulnerability

Date:          2023-05-09
CVE:           CVE-2023-29336
Vulnerability: Use After Free vulnerability in Microsoft products (CWE-416)
Title:         Win32k Elevation of Privilege Vulnerability
Vendor:        microsoft
Risk:          local attack vector, low complexity, score 7.8