Threat Actor Selling Zero-Day LPE Exploit for Windows 8.1, 10, and 11

Threat Actor: Unknown
Victim: Windows 8.1, 10, and 11
Price: $150,000 in cryptocurrency
Exfiltrated Data Type: Not specified

Additional Information:

  • The threat actor is allegedly selling a zero-day Local Privilege Escalation (LPE) exploit targeting Windows 8.1, 10, and 11.
  • The exploit leverages a race condition vulnerability in the Windows kernel and is specifically designed for x64 systems.
  • For Windows 11, the exploit uses the I/O Ring technique, while for older versions it achieves elevation by overwriting the PreviousMode field of the _KTHREAD structure.
  • The exploit is written in C and developed using Visual Studio 2019.
  • The sale package includes an exploit project and a test example that elevates console rights after a short period.
  • The compiled exploit’s size is approximately 16KB.

A threat actor is allegedly selling a zero-day Local Privilege Escalation (LPE) exploit targeting Windows 8.1, 10, and 11. The exploit purportedly leverages a race condition vulnerability in the Windows kernel and is designed specifically for x64 systems. The seller claims it elevates the rights of any already running process to SYSTEM level.

For the latest Windows 11, the exploit is said to use the I/O Ring technique, while for older versions it allegedly achieves elevation by overwriting the PreviousMode field of the _KTHREAD structure. According to the seller, the exploit is written in C and developed using Visual Studio 2019. The sale package purportedly includes an exploit project and a test example that launches cmd.exe and elevates the console's rights after a short delay. The compiled exploit's size is approximately 16KB.

Details of the Claim:

  • Target: Windows 8.1, 10, and 11
  • Vulnerability: Race condition in the Windows kernel
  • System Compatibility: x64 systems
  • Implementation: C in Visual Studio 2019
  • Functionality: Allegedly elevates rights to SYSTEM for any running process
  • Exploit Techniques:
    • Windows 11: I/O Ring technique
    • Older versions: Overwriting the PreviousMode field in _KTHREAD
  • Package Includes: Exploit project and test example
  • Compiled Size: ~16KB
  • Price: $150,000 in cryptocurrency

Original Source: https://dailydarkweb.net/threat-actor-claims-to-sell-zero-day-lpe-exploit-for-windows-8-1-10-and-11/