An actively exploited Windows local privilege escalation vulnerability addressed as part of the May 2023 Patch Tuesday has a proof-of-concept (PoC) exploit revealed by researchers. The operating system’s window manager, screen output, input, and graphics are all managed by the Win32k subsystem (Win32k.sys kernel driver), which also serves as an interface for various types of input hardware.
As a result, these vulnerabilities can often be exploited to grant elevated privileges or code execution.The issue was first identified by cybersecurity company Avast and is tracked as CVE-2023-29336. Due to its ability to grant low-privileged users access to Windows SYSTEM rights—the highest user mode privileges in Windows—it was given a CVSS v3.1 severity rating of 7.8.