0. Introduction This article introduces the CVE-2023-24949 vulnerability, whose full English name is “Windows Kernel Elevation of Privilege Vulnerability”, indicating that the vulnerability is located in ntoskrnl.exe. According to the official advisory, an attacker can exploit this vulne
0. Preface This article introduces the CVE-2023-21554 vulnerability, which exists in Microsoft’s Message Queuing (MSMQ) service. Due to the service’s lack of proper validation of data packets, an attacker can exploit this vulnerability to achieve remote code execution.
As I was not famil
1. Preface This article analyzes the CVE-2023-21768 vulnerability, which resides in AFD (the Ancillary Function Driver) in the Windows operating system. Throughout this post, “the original article” refers to reference [1]. By studying that article, I reproduced and rewrote the exp
0. Preface As we all know, win32k has contributed significantly to Windows privilege escalation vulnerabilities in recent years. I have always wanted to understand the principles of these vulnerabilities and read many related papers for this purpose. However, as a novice in kernel vulnerability rese
0. Preface CVE-2023-21752 is the first Microsoft vulnerability of 2023 to have a public exploit. Initially, I thought it would be straightforward to analyze given the availability of exploit code. However, it ended up taking a significant amount of time. The primary challenges lay in two areas: loca
0. Preface This is an incomplete introduction to CSRSS. Since I was analyzing CSRSS-related vulnerabilities recently, I organized some related knowledge. Therefore, you cannot fully understand CSRSS solely through this article. However, if this article can answer some of your questions while learnin