For a Windows local privilege escalation vulnerability that was patched as part of the May 2023 Patch Tuesday, researchers have published a proof-of-concept (PoC) exploit.
The Win32k subsystem (Win32k.sys kernel driver) controls the operating system’s window manager and handles screen output, input, and graphics in addition to serving as an interface for various types of input hardware.
Since they usually grant elevated rights or code execution, these kinds of vulnerabilities are often exploited.
Avast, a company that specialises in cybersecurity, first identified the flaw, which is tracked as CVE-2023-29336. It was given a CVSS v3.1 severity rating of 7.8, as it enables low-privileged users to obtain Windows SYSTEM privileges, the highest user mode privileges in Windows.
CISA also released a warning and listed it in its database of “Known Exploited Vulnerabilities” in order to inform people about the actively exploited vulnerability and the importance of installing Windows security upgrades.
