tags:methodologydosuafwindowssecure_channel original link: Introduction To Windows Secure Channel RCE: CVE-2024-28148 newsletter link: exploits.club Weekly Newsletter 35 - NPU exploits, Phrack 71, 2014 Tablet Hacks, and More


Exploits Club Summary:

In a new post this week, @vv474172261 shows us how a DOS bug may actually just be a skill issue. The post takes a look at a UAF in Windows Secure Channel (CVE-2024-38148), walking through a quick patch diff, running through an RCA, and explaining why Microsoft is wrong to think its not exploitable. The most interesting part about the post, though, is what inspired Victor to look at the patch. Turns out, he had previously audited secure channel before and includes some reflections on how he missed the vuln and his takeaways moving forward.