loading

199464 author: ESETresearch@infosec.exchange 12 Mar 2025 07:11
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983
tags: #ESETresearch #LPE #cve #pipemagic #w32process #waitforinputidle

#ESETresearch has discovered a zero day exploit abusing #CVE-2025-24983 vulnerability in the Windows kernel 🪟 to elevate privileges (#LPE). First seen in the wild in March 2023, the exploit was deployed through #PipeMagic backdoor on the compromised machines.

The exploit targets Windows 8.1 and Server 2012 R2. The vulnerability affects OSes released before Windows 10 build 1809, including still supported Windows Server 2016. It does not affect more recent Windows OSes such as Windows 11.

The vulnerability is a use after free in Win32k driver. In a certain scenario achieved using the #WaitForInputIdle API, the #W32PROCESS structure gets dereferenced one more time than it should, causing UAF. To reach the vulnerability, a race condition must be won.

The patches were released today. Microsoft advisory with security update details is available here:

Screenshot of CVE-2025-24983: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability - Security Vulnerability web page published by MSRC.

83435 author: ESETresearch@infosec.exchange 18 Oct 2024 08:50
tags: #ESETresearch

We are aware of a security incident which affected our partner company in Israel last week. Based on our initial investigation, a limited malicious email campaign was blocked within ten minutes. ESET technology is blocking the threat and our customers are secure. ESET was not compromised and is working closely with its partner to further investigate and we continue to monitor the situation.