Windows Sockets: From Registered I/O to SYSTEM Privileges

[varwar]

This post discusses CVE-2024-38193, a use-after-free vulnerability in the afd.sys Windows driver. Specifically, the vulnerability is in the Registered I/O extension for Windows sockets. The vulnerability was patched in the August 2024 Patch Tuesday. This post describes the exploitation process for the vulnerability.

Бага использовалась Лазарем в цепочке с Chrome для развертывания руткита FudModule.

Source: https://blog.exodusintel.com/2024/12/02/windows-sockets-from-registered-i-o-to-system-privileges/