Vulnerability Summary

CVE-2020-0986, which was exploited in the wild [1], was not fixed: the vulnerability still exists, only the exploitation method had to change. A low-integrity process can send LPC messages to splwow64.exe (medium integrity) and gain a write-what-where primitive in splwow64's address space. Through a memcpy call, the attacker controls the destination address, the bytes that are copied, and the number of bytes copied.
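The shape of the primitive described in the summary, as an added illustration that is not splwow64's code and not the Project Zero proof of concept: a hypothetical message handler that takes the destination, the payload and the byte count straight from an untrusted message, beside a version that confines the copy to the one region the server intends clients to write. The message layout (message_t), the buffer names (output_buffer, guard) and the handler names are constructed for this example and are not identifiers from the real binary.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical message layout (constructed for this example): the sender
   chooses where the bytes go, what they are, and how many are copied. */
typedef struct {
    uint64_t dest;      /* destination address, taken straight from the client */
    uint32_t length;    /* byte count, taken straight from the client */
    uint8_t  data[32];  /* payload bytes, taken straight from the client */
} message_t;

#define OUTPUT_SIZE 64
/* The only memory the server means to let a client write into. */
static uint8_t output_buffer[OUTPUT_SIZE];

/* Stands in for any sensitive state in the higher-integrity process. */
static uint32_t guard = 0x11111111u;

/* Vulnerable shape: destination, contents and count are all attacker-controlled,
   so a single memcpy is a write-what-where into the handler's address space. */
void handle_message_vulnerable(const message_t *m) {
    memcpy((void *)(uintptr_t)m->dest, m->data, m->length);
}

/* Hardened shape: the destination must lie inside output_buffer and the copy
   must fit both the payload and the buffer. Returns 0 on success, -1 if rejected. */
int handle_message_hardened(const message_t *m) {
    uintptr_t start = (uintptr_t)output_buffer;
    uintptr_t end   = start + OUTPUT_SIZE;
    uintptr_t dest  = (uintptr_t)m->dest;

    if (m->length > sizeof m->data) return -1;  /* claims more bytes than the message holds */
    if (dest < start || dest >= end) return -1; /* points outside the intended region */
    if (m->length > end - dest) return -1;      /* would run past the end of the region */
    memcpy((void *)dest, m->data, m->length);
    return 0;
}

/* Builds the attacker's message: overwrite guard with 0x41414141. */
static message_t attacker_message(void) {
    message_t m;
    memset(&m, 0, sizeof m);
    m.dest   = (uint64_t)(uintptr_t)&guard;
    m.length = sizeof guard;
    memcpy(m.data, "\x41\x41\x41\x41", 4);
    return m;
}

/* Vulnerable handler: guard is overwritten. Returns guard's value afterwards. */
uint32_t demo_vulnerable_overwrite(void) {
    message_t m = attacker_message();
    handle_message_vulnerable(&m);
    return guard;
}

/* Hardened handler fed the same message: rejected, guard untouched.
   Returns 1 when both hold. */
int demo_hardened_rejects(void) {
    guard = 0x11111111u;
    message_t m = attacker_message();
    int rc = handle_message_hardened(&m);
    return rc == -1 && guard == 0x11111111u;
}

/* A legitimate message that lands inside output_buffer still works.
   Returns 1 when it is accepted and the bytes arrive where intended. */
int demo_hardened_accepts(void) {
    message_t m;
    memset(&m, 0, sizeof m);
    m.dest   = (uint64_t)(uintptr_t)(output_buffer + 8);
    m.length = 4;
    memcpy(m.data, "ABCD", 4);
    int rc = handle_message_hardened(&m);
    return rc == 0 && memcmp(output_buffer + 8, "ABCD", 4) == 0;
}

int main(void) {
    printf("vulnerable: guard = 0x%08x\n", demo_vulnerable_overwrite());
    printf("hardened rejects attacker message: %d\n", demo_hardened_rejects());
    printf("hardened accepts in-bounds message: %d\n", demo_hardened_accepts());
    return 0;
}
```

The point of the hardened version is that the server, not the client, decides which memory is writable: the destination is checked against a region the server owns, and the length is checked against both the payload actually carried and the space left in that region, so a client can no longer name an arbitrary address. Real fixes of this class also have to consider what the copied bytes are used for afterwards, which this small example does not model.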

Github Repositories

CVE-2020-17008 splWOW64 Elevation of Privilege

CVE-2020-17008 splWOW64 Elevation of Privilege. PoC for C:\Windows\splwow64.exe. From: bugs.chromium.org/p/project-zero/issues/detail?id=2096

0x01 Set splwow64_poc.exe to Low integrity:

    cd splwow64_poc\x64\Release
    icacls splwow64_poc.exe /setintegritylevel L

(From the icacls help: /setintegritylevel [(CI)(OI)]Level explicitly adds an integrity ACE to all matching files. The level to be specified is one of the following ...)

Awesome Stars: a curated list of the author's GitHub stars, generated by starred and indexed by language.

PoC in GitHub: an index of public proof-of-concept repositories, listed by CVE and year.

Recent Articles

Windows Zero-Day Still Circulating After Faulty Fix
Threatpost • Tara Seals • 24 Dec 2020

A high-severity Windows zero-day that could lead to complete desktop takeover remains dangerous after a “fix” from Microsoft failed to adequately patch it.
The local privilege-escalation bug in Windows 8.1 and Windows 10 (CVE-2020-0986) exists in the Print Spooler API. It could allow a local attacker to elevate privileges and execute code in the context of the current user, according to Microsoft’s advisory issued in June. An attacker would first have to log on to the system, but cou...

Windows zero-day with bad patch gets new public exploit code
BleepingComputer • Ionut Ilascu • 23 Dec 2020

Back in June, Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. The patch did not stick.
The issue, which advanced hackers exploited as a zero-day in May, is still exploitable but by a different method as security researchers demonstrate with publicly available proof-of-concept code.
Google Project Zero security researcher Maddie Stone discovered that Microsoft’...