Researchers have discovered an actively exploited vulnerability in Microsoft Windows, tracked as CVE-2023-29336, which allows attackers to gain SYSTEM privileges. The flaw resides in the Win32k component, specifically in Win32k.sys, the system driver responsible for the interface between user-mode applications and the Windows graphical subsystem.
The vulnerability poses a significant risk because it can be combined with a code execution bug to facilitate the spread of malware. Researchers from Avast Antivirus reported the flaw, identifying it as part of an exploit chain used to deliver malware.
Microsoft addressed the issue in its Patch Tuesday security updates for May 2023. Although the vulnerability is not exploitable on Windows 11 systems, it remains a security risk for earlier systems.
The flaw arises from an oversight in locking the menu object nested within the window object, allowing unauthorized access.
Researchers from Numen Cyber, a Singapore-based cybersecurity firm, published a detailed analysis of the vulnerability, including a proof-of-concept exploit targeting Windows Server 2016. Exploiting this vulnerability does not require novel techniques; it relies on leaked desktop heap handle addresses.
Thoroughly addressing this issue is crucial to mitigating the security risk posed to older systems.