One Bit to Rule a System: Analyzing CVE-2016-7255 Exploit in the Wild

Recently, Google researchers discovered a local privilege escalation vulnerability in Windows which was being used in zero-day attacks, including those carried out by the Pawn Storm espionage group. Microsoft was able to release a patch by the next Patch Tuesday. The vulnerability is in the win32k.sys kernel module, which is a well-known attack surface. This vulnerability gives an attacker the capability to set one bit at an arbitrary kernel address. Microsoft is continuously working to improve the security of win32k.sys, as this is a frequent target of attackers looking for vulnerabilities in Windows. New mitigation mechanisms have been added into Windows, and in fact this attack would not work on a system running the latest version of Windows 10.
