Researchers have found more ways to exploit versions of Windows 10

A new proof-of-concept was released

Cybersecurity researchers from Numen have found more ways to exploit older versions of Windows 10.

Earlier this week, the company’s experts published a proof-of-concept (PoC) exploit for a flaw known to be used by threat actors in the wild. The vulnerability is tracked as CVE-2023-29336, and carries a severity rating of 7.8.

Threat actors abusing it can elevate low-privilege users to SYSTEM privileges, granting them the ability to run arbitrary code on target endpoints. It affects the Win32k subsystem, which handles the communication between input hardware and components such as screen output and graphics.

Older versions affected

The flaw was initially discovered by researchers from Avast, which said hackers used it in zero-day attacks. Now, Numen’s PoC shows how the exploit can be leveraged in Windows Server 2016, too.

While older versions of Windows 10, Windows Server, and Windows 8 are vulnerable, newer versions, such as Windows 11, are immune, it was said.

Microsoft patched the vulnerability last month, with the Patch Tuesday May 2023 cumulative update.

“While this vulnerability seems to be non-exploitable on the Win11 system version, it poses a significant risk to earlier systems,” Numen said. “Exploitation of such vulnerabilities has a notorious track record.” The researchers argue that it doesn’t take a highly experienced hacker to leverage the flaw either.

IT teams worried about being targeted through this flaw should keep a close eye on offset reads and writes in memory, or related window objects, for anything out of the ordinary. That, the researchers say, is one of the biggest indicators of compromise in this case, and suggests local privilege escalation.

“Apart from diligently exploring different methods to gain control over the first write operation using the reoccupied data from freed memory, there is typically no need for novel exploitation techniques,” reads the report.

IT teams are advised to apply Microsoft’s patch as soon as possible.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
