CVE-2023-41772

Name of the Vulnerable Software and Affected Versions Windows versions prior to the fixed version Win32k.sys (affected versions not specified)

Description The issue is related to insufficient access control in the Win32k component of the Windows operating system. It allows an attacker to elevate their privileges. The estimated number of potentially affected devices is not provided. There are reports of real-world incidents where this issue was exploited. Technical details about exploitation include the use of the UIFuckUp exploit to gain system privileges on Windows 10 and 11.

Recommendations For Windows versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the Win32k component until a patch is available. Avoid using the Win32k.sys component in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.