Microsoft Windows - 'POP/MOV SS' Privilege Escalation

EDB-ID: 44697
Author: Can Bölük
Published: 2018-05-22
CVE: CVE-2018-8897
Type: Local
Platform: Windows
Aliases: N/A
Advisory/Source: Link
Tags: N/A
Vulnerable App: N/A

  
- KVA Shadowing should be disabled and the relevant security update should be uninstalled.
- This may not work with certain hypervisors (like VMware), which discard the pending #DB after INT3.

Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44697.zip
