Posts Tagged ‘windows’

Microsoft Windows WLDP/MSHTML CLSID UMCI Bypass

The enlightened lockdown policy check for COM Class instantiation can be bypassed in MSHTML hosts leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard). Source: Microsoft Windows WLDP/MSHTML CLSID UMCI Bypass

Windows Escalate UAC Protection Bypass (In Memory Injection) Abusing WinSXS

This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off by abusing the way “WinSxS” works in Windows systems. This Metasploit module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead […]

Microsoft Windows 10 x64 RS2 win32kfull!bFill Overflow

This is a collection of exploits for the recently-patched win32kfull!bFill vulnerability. Executing the Palette or Bitmap exploit will give you SYSTEM privileges on the affected system. The exploits should work fine on Windows 10 x64 with Creators Update, build 15063.540 (latest version of Win10 before the release of Microsoft’s September Updates). Source: Microsoft Windows 10 […]