tags:windowsstreaming_servicekernelpwn2ownOOB_readOOB_write original link: Streaming vulnerabilities from Windows Kernel (Part 1): Proxying to Kernel newsletter link: exploits.club Weekly Newsletter 36 - Regex Fuzzing, C++ Metadata, Kernel Streaming, And More
Exploits Club Summary:
DEVCORE took to the internet this week to give you one of the best Microsoft Kernel Streaming Service overviews that exist on the web at the moment. The post looks at the attack surface as a whole, including a brief review of two previous vulnerabilities. It then does a deep dive into Kernel Streaming, looking at the core functionality, how we interact with the devices, and its architecture from an attackerâs point of view. Finally, the post reviews the vulnerability and exploit the team used in Pwn2Own 2024. Itâs a banger of a post; we highly recommend checking it out.