Researchers Published PoC Exploit Code for Actively Exploited Windows Elevation of Privilege Issue

Cyber Security Threat Summary:
The Microsoft Windows vulnerability CVE-2023-29336 (CVSS score 7.8) is an elevation of privilege issue that resides in the Win32k component. Win32k.sys is a system driver file in the Windows operating system, responsible for providing the interface between user-mode applications and the Windows graphical subsystem. The vulnerability is actively exploited in attacks. The issue can be chained with a code execution bug to spread malware. The vulnerability was reported by researchers Jan Vojtěšek, Milánek, and Luigino Camastra from the antivirus firm Avast. The researchers believe this flaw was used as part of an exploit chain to deliver malware.

Microsoft addressed the issue with the release of the Patch Tuesday security updates for May 2023. Win32k.sys is loaded into memory during system startup and remains active throughout the operating system's runtime. A flaw in the Win32k.sys driver can be exploited by attackers to gain unauthorized access to a system. Researchers from Singapore-based cybersecurity firm Numen Cyber have published a detailed analysis of the vulnerability along with a proof-of-concept (PoC) exploit that works against Windows Server 2016.

Security Officer Comments:
While Windows 11 seems to be safe from this particular exploit, earlier versions are at significant risk. The flaw lies in the incomplete locking of the window and menu objects, leaving a gap that can be exploited. The vulnerability relies on leaked desktop heap handle addresses, making it exploitable with relatively straightforward methods. Prompt action is needed to apply the relevant updates and protect older systems from potential attacks.

Suggested Correction(s):
System administrators and users of older Windows systems should take immediate steps to address the vulnerability by applying the patches or updates provided by Microsoft, protecting their systems from potential attacks.

Link(s):
https://securityaffairs.com/147245/hacking/windows-cve-2023-29336-poc.html