tags: kernel, lpe
original link: Windows AppLocker Driver LPE Vulnerability: CVE-2024-21338
newsletter link: exploits.club Weekly Newsletter 33 - CPU Vulns, Breaking Samsung Bootloaders, Tony Hawk Pro Skater, And More


Exploits Club Summary:

In their first technical blog post, Crowdfense walks through a Windows vulnerability originally made famous by the Lazarus FudModule rootkit. The admin-to-kernel privilege escalation stems from an untrusted pointer dereference in the AppLocker driver, appid.sys. The post touches on the vulnerability only briefly before moving straight into exploitation. Although the bug yields full control of the instruction pointer, it cannot simply be turned into a jump to attacker code: SMEP blocks the kernel from executing user-mode pages, and kCFG rejects indirect-call targets that are not registered valid functions, so the exploit relies on a data-only attack instead. The post concludes with two demos, each leveraging a slightly different exploit technique.
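To make the bug class and the mitigation constraint concrete, here is an added example (written for this summary, not code from Crowdfense's post, Avast's FudModule analysis, or appid.sys itself). It is a user-mode simulation of an untrusted pointer dereference through a function pointer in an IOCTL handler, beside a hardened version that never dereferences a caller-supplied pointer. All struct names, field layouts and the tiny "valid call target" table standing in for kCFG are invented for illustration; real kCFG consults a per-process bitmap, and SMEP is a CPU feature, neither of which can be reproduced in user mode.

```c
/* Added example: generic simulation of an untrusted pointer dereference
 * (the bug class behind CVE-2024-21338), NOT the appid.sys code.
 * Struct layouts, names and the CFG table are invented for illustration. */
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Invented callback block: holds a function pointer the driver calls. */
typedef struct {
    int (*handler)(uint32_t arg);
} callback_block_t;

/* Invented IOCTL input: carries a raw pointer the vulnerable code trusts. */
typedef struct {
    uint32_t arg;
    callback_block_t *block;   /* caller-controlled; can point anywhere */
} ioctl_request_t;

/* The driver's one legitimate callback (stands in for kernel code). */
static int legit_handler(uint32_t arg) { return (int)(arg * 2); }

/* Stands in for attacker-chosen code. In a real kernel this would sit in a
 * user page (SMEP faults on execution) or be a gadget that is not a valid
 * indirect-call target (kCFG fast-fails), which is why control of RIP alone
 * is not enough and the exploit must go data-only instead. */
static int attacker_handler(uint32_t arg) { (void)arg; return -1; }

/* Vulnerable pattern: dereference the caller's pointer and call through it. */
int vulnerable_ioctl(const ioctl_request_t *req) {
    return req->block->handler(req->arg);
}

/* Simulated kCFG: only registered functions may be indirect-call targets. */
static int (*const cfg_valid_targets[])(uint32_t) = { legit_handler };

bool cfg_is_valid_target(int (*fn)(uint32_t)) {
    for (size_t i = 0; i < sizeof cfg_valid_targets / sizeof cfg_valid_targets[0]; i++)
        if (cfg_valid_targets[i] == fn)
            return true;
    return false;
}

/* Hardened pattern: the request carries an index into a kernel-owned table,
 * bounds-checked before use; no caller-supplied pointer is ever followed. */
static callback_block_t kernel_blocks[] = { { legit_handler } };

int hardened_ioctl(uint32_t arg, size_t block_index) {
    if (block_index >= sizeof kernel_blocks / sizeof kernel_blocks[0])
        return -2;   /* stand-in for STATUS_INVALID_PARAMETER */
    int (*fn)(uint32_t) = kernel_blocks[block_index].handler;
    if (!cfg_is_valid_target(fn))
        return -3;   /* where kCFG would terminate the call */
    return fn(arg);
}

int main(void) {
    callback_block_t evil = { attacker_handler };   /* constructed input */
    ioctl_request_t req = { 21, &evil };
    printf("vulnerable: %d (attacker handler ran)\n", vulnerable_ioctl(&req));
    printf("cfg check on attacker handler: %s\n",
           cfg_is_valid_target(attacker_handler) ? "allowed" : "rejected");
    printf("hardened, index 0: %d\n", hardened_ioctl(21, 0));
    printf("hardened, index 9: %d\n", hardened_ioctl(21, 9));
    return 0;
}
```

The vulnerable handler happily calls whatever the caller points it at; the simulated CFG check shows why an arbitrary target is rejected even once the pointer is controlled, and the hardened handler removes the primitive altogether by replacing the pointer with a validated index into memory the kernel owns.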