In a rare find, a researcher has unveiled dozens of related bugs in a core Windows API that could enable attackers to elevate their privileges in the operating system.
A year ago, Gil Dabah promised that he would find over 15 bugs related to the Windows win32k component:
This month I am going to submit around 15 0ds to msft. Wooot— Gil Dabah (@_arkon) April 1, 2019
This week, he released a report detailing 25 of them:
Guys & girls!Exactly a year ago I promised over 15 bugs in win32k.
Check out the paper and the POCs, there are some crazy stuff going on. Promise!