Exploit Day: Ksthunk.sys Bug Becomes Digital Weapon

During the recent Typhoonpwn 2024 event, a vulnerability in Windows 11 versions 23H2 was discovered. This vulnerability in the Ksthunk.sys driver allows local attackers to elevate their privileges by exploiting an integrity overflow. Specifically, the issue lies in the function “CksautomationThunk::ThunkenableEventir,” which handles 32-bit processes in a 64-bit environment.

The demonstration at the event showcased the successful exploitation of this vulnerability, highlighting the potential security risks it poses to Windows 11 users.

Exploits like this are typically categorized based on the type of vulnerability they exploit, whether they are local or remote, and the outcome of the exploit (such as EOP, DOS, Spulping). One method used to exploit zero-day vulnerabilities is through services like Exploit-A-A-Service.

/Reports, release notes, official announcements.