{"id":14208,"date":"2020-04-24T00:51:01","date_gmt":"2020-04-23T22:51:01","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=14208"},"modified":"2020-04-24T00:51:01","modified_gmt":"2020-04-23T22:51:01","slug":"poc-fr-windows-10-schwachstelle-cve-2020-0624","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/04\/24\/poc-fr-windows-10-schwachstelle-cve-2020-0624\/","title":{"rendered":"PoC for Windows 10 Vulnerability CVE-2020-0624"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/win102.jpg\" width=\"58\" align=\"left\" height=\"58\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/04\/24\/poc-fr-windows-10-schwachstelle-cve-2020-0624\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>] On patchday, January 14, 2020, Microsoft closed the vulnerability CVE-2020-0624 (Win32k Elevation of Privilege) with security updates. Now I have found a Proof of Concept (PoC).<\/p>\n<h2>Vulnerability CVE-2020-0624<\/h2>\n<p>In Windows, an elevation of privilege vulnerability, <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0624\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2020-0624<\/a>, exists in the Win32k component. It allows privilege escalation because the Win32k component does not handle objects in memory correctly.<\/p>\n<p>An attacker who successfully exploited this vulnerability could execute arbitrary code in kernel mode. This would allow the attacker to install programs; view, modify, or delete data; and create new accounts with full user privileges.<\/p>\n<p>However, to exploit this vulnerability, an attacker would have to log on to the system first. 
An attacker could then run a specially crafted application that exploits the vulnerability and takes control of an affected system.<\/p>\n<h2>Affected systems<\/h2>\n<p>The following Windows systems are affected by the vulnerability, which Microsoft considers unlikely to be exploited:<\/p>\n<ul>\n<li>Windows 10 Version 1903<\/li>\n<li>Windows 10 Version 1909<\/li>\n<li>Windows Server Version 1903 (Core)<\/li>\n<\/ul>\n<p>Microsoft released security update KB4528760 on January 14, 2020 to close the vulnerability (see <a href=\"https:\/\/borncity.com\/win\/2020\/01\/15\/patchday-windows-10-updates-january-14-2020\/\">Patchday Windows 10-Updates (January 14, 2020)<\/a>). However, update KB4528760 caused several problems (see links at the end of this article).<\/p>\n<h2>Proof of Concept for CVE-2020-0624<\/h2>\n<p>The following tweet pointed me to a use-after-free proof of concept (PoC) for CVE-2020-0624 by James William.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Windows 10 win32k EoP vulnerability proof-of-concept code.<br \/>CVE-2020-0624 <a href=\"https:\/\/t.co\/nq8bEMdX10\">https:\/\/t.co\/nq8bEMdX10<\/a><\/p>\n<p>\u2014 James Willy (@james0x40) <a href=\"https:\/\/twitter.com\/james0x40\/status\/1252950936684843008?ref_src=twsrc%5Etfw\">April 22, 2020<\/a><\/p><\/blockquote>\n<p>The code may be found at <a href=\"https:\/\/github.com\/james0x40\/CVE-2020-0624\">GitHub<\/a>.<\/p>\n<p><strong>Similar articles:<\/strong><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/01\/15\/patchday-windows-10-updates-january-14-2020\/\">Patchday Windows 10-Updates (January 14, 2020)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/02\/02\/windows-10-issues-with-update-kb4528760-kb4532695\/\">Windows 10: Issues with Update KB4528760 \/ KB4532695<\/a><br \/><a 
href=\"https:\/\/borncity.com\/win\/2020\/01\/26\/windows-10-installationsprobleme-mit-update-kb4528760-wegen-fehlender-connect-app\/\">Windows 10: Installation issues with Update KB4528760 due to missing Connect-App?<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/01\/20\/windows-10-v1909-update-kb4528760-drops-error-0x800f081f\/\">Windows 10 V1909: Update KB4528760 drops error 0x800F081F<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German] On patchday, January 14, 2020, Microsoft closed the vulnerability CVE-2020-0624 (Win32k Elevation of Privilege) with security updates. Now I have found a Proof of Concept (PoC).<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[2403,2234,69,76],"class_list":["post-14208","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-cve-2020-0624-update","tag-kb4528760","tag-security","tag-windows-10"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14208","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=14208"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14208\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=14208"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=14208"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=14208"}],"cu
ries":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}