PoC for Windows 10 Vulnerability CVE-2020-0624

[German]On patchday, January 14, 2020, Microsoft has closed the vulnerability CVE-2020-0624 (Win32k Elevation of Privilege) with security updates. Now I have found a Proof of Concept (PoC).


Advertising

Vulnerability CVE-2020-0624

In Windows, an Elevation of Privilege vulnerability CVE-2020-0624 exists in the Win32k file. The vulnerability is privilege escalation because the Win32k component does not handle objects in memory correctly.

An attacker who successfully exploited this vulnerability could execute arbitrary code in kernel mode. This would allow the attacker to install programs, view, modify, or delete data, and create new accounts with full user privileges.

However, to exploit this vulnerability, an attacker would have to log on to the system first. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

Affected systems

The following Windows systems are affected by the vulnerability, which Microsoft considers unlikely to be exploited:

  • Windows 10 Version 1903
  • Windows 10 Version 1909
  • Windows Server Version 1903 (Core)

Microsoft has released security update KB4528760 on January 14, 2020 to close the vulnerability (see Patchday Windows 10-Updates (January 14, 2020)). However, update KB4528760 caused several problems (see links at the end of this article).


Advertising

Proof of Concept for CVE-2020-0624

The following tweet brought me across a use-after-free proof of concept (PoC) for CVE-2020-0624 by James William.

The code may be fount at GitHub.

Similar articles:
Patchday Windows 10-Updates (January 14, 2020)
Windows 10: Issues with Update KB4528760 / KB4532695
Windows 10: Installation issues with Update KB4528760 due to missing Connect-App?Windows 10 V1909: Update KB4528760 drops error 0x800F081F


Cookies helps to fund this blog: Cookie settings
Advertising


##1

This entry was posted in Security, Windows and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *