The Microsoft Windows kernel suffers from an invalid read in nt!MiRelocateImage while parsing a malformed PE file.
14cc97653808a5e83777838181351383480596c1a9ab0edd737615c558008d89
The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiGetTextMetricsW.
452a60ea7f22d3485fb66dab895858ea5ae5d97f495c40b6a48d443f488ee463
The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiGetOutlineTextMetricsInternalW.
6b0483ac8c7084d6f07518a7b6d52ea02ea6b591c1326fd68c85a80992228041
The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k!NtGdiExtGetObjectW.
90e80047a0d4a132243baeb8aa21d9d09ad984a2f1de80601d1524f2fe7763a0
The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in exception handling (nt!KiDispatchException).
1b18eec30bf44bae86c16090bb09021fd1989f3f2f01f498da55a5b6f9f6af61
The Microsoft Windows kernel pool suffers from a memory disclosure vulnerability in nt!NtNotifyChangeDirectoryFile.
f5a62635848b4df66c3c59102dc9f94c3f3f64aebc7d20967a6ba6686ba929ab
The Microsoft Windows kernel pool suffers from a memory disclosure in nt!NtQueryVolumeInformationFile (FileFsVolumeInformation).
7a216b3d781e5f5b776596a2e128a625b18fd8d53060b09e7eb8616feefe756d
The Microsoft Windows kernel suffers from a partmgr pool memory disclosure vulnerability in the handling of IOCTL_DISK_GET_DRIVE_LAYOUT_EX.
134ea7f8792cd34df31a86be6a4e9d5ffad6bfeb7e4424af236c06797fbae602
The Microsoft Windows kernel suffers from a partmgr pool memory disclosure vulnerability in the handling of IOCTL_DISK_GET_DRIVE_GEOMETRY_EX.
f6a18f75cd5bd00f8723ff33247243f8f2cc1a2f282d950fba1442c7408c376b
The Microsoft Windows kernel suffers from a volmgr pool memory disclosure vulnerability in the handling of IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS.
95f61aaad5708f6ec6b3bf9039b7ee243415d5f2667fb8e8ab3e2bed6bcbea1c
The IOCTL sent to the \Device\KsecDD device by the BCryptOpenAlgorithmProvider documented API returns some uninitialized pool memory in the output buffer of the Microsoft Windows kernel.
181298dc8125caa44fe653cf66bdd843a48995cabcaa9871caa7e906bd030711
The Microsoft Windows kernel pool suffers from a memory disclosure due to output structure alignment in win32k!NtGdiGetOutlineTextMetricsInternalW.
4e14cf8a1b4405808b8fbc591bba527439874570559f5451600a9def5ef7dc0a
On April 14, 2017, the Shadow Brokers Group released the FUZZBUNCH framework, an exploitation toolkit for Microsoft Windows. The toolkit was allegedly written by the Equation Group, a highly sophisticated threat actor suspected of being tied to the United States National Security Agency (NSA). The framework included ETERNALBLUE, a remote kernel exploit originally targeting the Server Message Block (SMB) service on Microsoft Windows XP (Server 2003) and Microsoft Windows 7 (Server 2008 R2). In this paper, the RiskSense Cyber Security Research team analyzes how using wrong-sized CPU registers leads to a seemingly innocuous mathematical miscalculation. This causes a chain reaction domino effect ultimately culminating in code execution, making ETERNALBLUE one of the most complex exploits ever written. They will discuss what was necessary to port the exploit to Microsoft Windows 10, and future mitigations Microsoft has already deployed, which can prevent vulnerabilities of this class from being exploited in the future. The FUZZBUNCH version of the exploit contains an Address Space Layout Randomization (ASLR) bypass, and the Microsoft Windows 10 version required an additional Data Execution Prevention (DEP) bypass not needed in the original exploit.
fa13189f37eae3318ce25b3bd600e5e83270e401b53f1a2fd4a6340b7b1a8803
Two related bugs have been discovered in the Microsoft Windows kernel code responsible for implementing the bind() socket function, specifically in the afd!AfdBind and tcpip!TcpBindEndpoint routines. They both can lead to reading beyond the allocated pool-based buffer memory area, potentially allowing user-mode applications to disclose kernel-mode secrets. They can also be exploited to trigger a blue screen of death and therefore a denial of service condition.
9b41916531e305ccf017e5064b5a3412788fbaa21187262224130f6886d5a773
The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32kfull!SfnINLPUAHDRAWMENUITEM.
4c9b80091c609bb2d3baf00d69e5a53a22ed77aecd51bfbe4eab9ab9d4f8ecd1
The Microsoft Windows kernel suffers from hive loading crashes in nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages.
c0c9f385d6a3ca0455940f14112e0baedb6607593051dca745cd9940fced29ca
The Microsoft Windows kernel suffers from a denial of service vulnerability as outlined in MS16-135.
5608064a4460ba56d403e729eaccc16f8c142217f04dfd4665278341d37ca2f8
The Microsoft Windows kernel suffers from an NtUserScrollDC memory corruption vulnerability.
9c9d7819c17ae0f14fbcf5250fe9bc87ec36941d7e0e1a71bc9c128bc94d7ef8
The Microsoft Windows kernel suffers from a use-after-free vulnerability with device contexts and NtGdiSelectBitmap.
f9138be83b6665e583fb9a0c2edbf82da6a8ba0567aba68654dad7c01ffa36d5
The Microsoft Windows kernel suffers from a use-after-free vulnerability in BGetRealizedBrush.
9748fca6fbb5ef34f232cdeeda20cce0f47e4feea1fa4c9a9f7b321d183c13cb
The Microsoft Windows kernel suffers from a FlashWindowEx related memory corruption vulnerability.
aa59811bd905801dec0d9cc27fe51730ae27b8776b206fdd60d6a08739d77ef3
The Microsoft Windows kernel suffers from a use-after-free vulnerability related to DeferWindowPos.
9efdbf279fadc7781fc05c4c484e7fa55163ee3b825c2a7de5f5e364ae5d2187
The Microsoft Windows kernel suffers from a use-after-free vulnerability in printer device contexts.
a07b9af66e76968a00a50316dfce34128aec9040ef04506e03d9536f8f6a3dfe
The Microsoft Windows kernel suffers from a use-after-free vulnerability in the cursor object.
95d27966a74a174f8e04f20a3a1138c7d875365b2e9461676084a3fa4f84f1a6
The Microsoft Windows kernel suffers from a pool buffer overflow in NtGdiStretchBlt.
cec5a4d82cefd5f7408a48e23c6eaff40a66ebae181a5611b5534e09b970f5cc
The Microsoft Windows kernel suffers from a buffer overflow vulnerability in Win32k!vSolidFillRect.
25f32ba5359a051b672c78122c332f74c82b3772f7ba804f808898f00fe1a921