CVE-2022-23298 Windows NT OS Kernel Elevation of Privilege vulnerability (9th Mar 2022)

Preface: The registration of CVE records is largely out of sync with the time of the event. A CVE record may be newly released today even though the issue itself arose weeks or months earlier. Even so, with reference to these vulnerability records, a vulnerability scanner can give you a precise result after a scan.

Background: Generally, suppliers have the right to keep design defect information from being released to the public. This CVE record was publicly released on March 9, 2022. But if you look in the local Windows directory (c:\windows\system32), you will find that at least two of the [.]dll files have been updated. They are hal[.]dll and ci[.]dll. Both files are closely related to ntoskrnl[.]exe. My guess is based more on this design limitation of ci[.]dll.

Ci[.]dll runs a feature that validates the integrity of a system file or driver whenever it is loaded into memory. This is an important Windows component and should not be removed. The Microsoft Windows operating system features a graphical user interface and made its first appearance in November 1985.

Virtual Secure Mode (VSM) has to be enabled through a dedicated policy in the Group Policy Editor (gpedit[.]msc): Computer Configuration -> Administrative Templates -> System -> Device Guard -> Turn on Virtualization Based Security. Enable this policy and select the Secure Boot option under Select Platform Security Level.
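To check both points above on a host (whether ntoskrnl.exe, hal.dll and ci.dll were serviced, and whether the VBS policy is set and actually running), here is a read-only PowerShell sketch. It is an added example, not part of the original post; it assumes the registry values that the "Turn on Virtualization Based Security" policy is documented to write and the Win32_DeviceGuard CIM class, neither of which the post itself names.

```powershell
# Added example (not from the original post). Read-only; run from an elevated PowerShell.
$sys32 = Join-Path $env:SystemRoot 'System32'

# 1. Version, timestamp and signature state of the kernel binaries named in the post.
$binaries = foreach ($name in 'ntoskrnl.exe', 'hal.dll', 'ci.dll') {
    $file = Get-Item -LiteralPath (Join-Path $sys32 $name) -ErrorAction SilentlyContinue
    if ($file) {
        $vi = $file.VersionInfo
        [pscustomobject]@{
            File      = $name
            # Built from the numeric parts; the FileVersion string can lag after servicing.
            Version   = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                              $vi.FileBuildPart, $vi.FilePrivatePart
            LastWrite = $file.LastWriteTimeUtc
            Signature = (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status
        }
    } else {
        [pscustomobject]@{ File = $name; Version = 'missing'; LastWrite = $null; Signature = 'n/a' }
    }
}
$binaries | Format-Table -AutoSize

# 2. What Group Policy asked for (assumed location: the policy's registry key).
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard'
$policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
$levelText = @{ 1 = 'Secure Boot'; 3 = 'Secure Boot and DMA Protection' }
if ($policy -and $policy.EnableVirtualizationBasedSecurity -eq 1) {
    $level = [int]$policy.RequirePlatformSecurityFeatures
    "Policy : VBS enabled, platform security level = $($levelText[$level])"
} else {
    'Policy : "Turn on Virtualization Based Security" is not set to Enabled'
}

# 3. What is actually running; a configured policy does not guarantee VBS started.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$vbsText = @{ 0 = 'not enabled'; 1 = 'enabled but not running'; 2 = 'enabled and running' }
if ($dg) {
    "Runtime: VBS is $($vbsText[[int]$dg.VirtualizationBasedSecurityStatus])"
    # SecurityServicesRunning values: 1 = Credential Guard, 2 = HVCI (memory integrity)
    "Runtime: security services running = $($dg.SecurityServicesRunning -join ', ')"
} else {
    'Runtime: Win32_DeviceGuard not available (unsupported edition or not elevated)'
}
```

A policy result of Enabled combined with a runtime status of "enabled but not running" usually means a hardware or firmware prerequisite is missing; compare the reported binary versions against the build listed in the vendor advisory for the host's Windows release.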

Vulnerability details: Certain versions of Windows from Microsoft contain the following vulnerability: Windows NT OS Kernel Elevation of Privilege Vulnerability.

Official announcement: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23298
