1. Background Based on the vulnerability name (Microsoft Windows Storage Port Driver), we can search and identify the corresponding file as storport.sys. This driver is used for communication between the computer and high-performance storage devices, defining how the computer communicates with these
Overview In this post, the author discovers vulnerabilities in Windows Update by examining its architecture and execution flow. Under Administrator privileges, an attacker can manipulate registry keys to control arbitrary system files, replacing them and bypassing system integrity checks. Due to the
0. Introduction This article introduces the CVE-2023-24949 vulnerability, whose full English name is “Windows Kernel Elevation of Privilege Vulnerability”, indicating that the vulnerability is located in ntoskrnl.exe. According to the official advisory, an attacker can exploit this vulne
0. Preface This article introduces the CVE-2023-21554 vulnerability, which exists in Microsoft’s Message Queuing (MSMQ) service. Due to the service’s lack of proper validation of data packets, an attacker can exploit this vulnerability to achieve remote code execution.
As I was not famil
1. Preface This article analyzes the CVE-2023-21768 vulnerability, which resides in the AFD (Ancillary Function Driver) driver of the Windows operating system. Throughout this post, “the original article” refers to reference [1]. By studying that article, I reproduced and rewrote the exp
0. Preface As we all know, win32k has contributed significantly to Windows privilege escalation vulnerabilities in recent years. I have always wanted to understand the principles of these vulnerabilities and read many related papers for this purpose. However, as a novice in kernel vulnerability rese
0. Preface CVE-2023-21752 is the first Microsoft vulnerability of 2023 to have a public exploit. Initially, I thought it would be straightforward to analyze given the availability of exploit code. However, it ended up taking a significant amount of time. The primary challenges lay in two areas: loca
0. Preface This is an incomplete introduction to CSRSS. Since I was analyzing CSRSS-related vulnerabilities recently, I organized some related knowledge. Therefore, you cannot fully understand CSRSS solely through this article. However, if this article can answer some of your questions while learnin
Preface During the process of learning HEVD (HackSys Extreme Vulnerable Driver), I found there were many concepts I didn’t fully understand, which prompted this article. The content is translated from reference^[1]^, with minor adjustments to the content and structure for learning purposes. Ba
0. Preface HackSys Extreme Vulnerable Driver (HEVD) is a Windows driver with multiple vulnerabilities developed for learning kernel exploit techniques. This article describes how to bypass a stack overflow vulnerability with /GS protection under a Windows 10 64-bit environment, involving two securit