Windows Win32k Local Privilege Escalation Vulnerability

vendor:

Windows 10

by:

Exploit Database

7.8

CVSS

HIGH

Local Privilege Escalation

269

CWE

Product Name: Windows 10

Affected Version From: Windows 10 Version 2004

Affected Version To: Windows 10 Version 20H2

Patch Exists: YES

Related CWE: CVE-2020-17087

CPE: o:microsoft:windows_10:2004

Metasploit: https://www.rapid7.com/db/vulnerabilities/msft-cve-2020-17087/

Other Scripts: N/A

Platforms Tested: Windows

2020

Windows Win32k Local Privilege Escalation Vulnerability

This exploit is a local privilege escalation vulnerability in Windows Win32k. It allows an attacker to gain SYSTEM privileges by exploiting a race condition in the xxHMValidateHandle and NtAllocateVirtualMemory functions. The exploit works by allocating a memory region with NtAllocateVirtualMemory, then calling xxHMValidateHandle to overwrite the memory region with a specially crafted structure. This structure contains a pointer to a function that will be executed with SYSTEM privileges.

Mitigation:

Microsoft has released a patch to address this vulnerability.

Source

Windows Win32k Local Privilege Escalation Vulnerability

Mitigation:

Exploit-DB raw data: