CVE-2021-1732 Win32k Elevation of Privilege Vulnerability (11th Feb 2021)

Preface: win32k.sys problems can arise for many reasons. In the past, most issues related to SYS files involved blue screen crashes.

Background: win32k.sys is a legitimate program that is required to run at startup. The Graphics Device Interface (GDI) provides functionality for outputting graphical content to monitors, printers and other output devices. In user mode, it resides in gdi.exe on 16-bit Windows and in gdi32.dll on 32-bit Windows. Kernel-mode GDI support is provided by win32k.sys, which communicates directly with the graphics driver. What difference would it make if system call filtering had been enabled? This may be examined by using W32pServiceTableFilter instead.

Vulnerability details: A zero-day vulnerability exists in a win32k callback. It could be used to escape the sandbox of the Microsoft IE browser or Adobe Reader on the latest Windows 10 version.

Attack Vector: Tricking a legitimate user into opening a malicious document

Impact: Elevation of Privilege

Official announcement – https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732
