PT-2024-11633 · Microsoft · Windows 11+1
Jaewon Min · Published 2024-12-18 · Updated 2024-12-19 · CVE-2022-40732
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Windows 11 version 10.0.22000.593
Windows Server 2022 version 10.0.20348.643
Description
An access violation issue exists in the DirectComposition functionality of the win32kbase.sys driver. A specially crafted set of syscalls can lead to a reboot. An unprivileged user can run specially crafted code to trigger a denial of service.
Recommendations
For Windows 11 version 10.0.22000.593, update to a version that includes a fix for this issue.
For Windows Server 2022 version 10.0.20348.643, update to a version that includes a fix for this issue.
As a temporary workaround, consider restricting access to the DirectComposition functionality until a patch is available.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Windows 11
Windows Server 2022