Microsoft Windows - 'POP/MOV SS' Privilege Escalation

EDB-ID: 44697
Author: Can Bölük
Published: 2018-05-22
CVE: CVE-2018-8897
Type: Local
Platform: Windows
Aliases: N/A
Tags: N/A
Vulnerable App: N/A

- KVA Shadowing should be disabled and the relevant security update should be uninstalled.
- This may not work with certain hypervisors (like VMware), which discard the pending #DB after INT3.

Proof of Concept:
