PT-2024-11634 · Microsoft · Windows 11 (+1)
Jaewon Min · Published 2024-12-18 · Updated 2024-12-19
CVE-2022-40733
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Windows 11 version 10.0.22000.593
Windows Server 2022 version 10.0.20348.643
Description
An access violation vulnerability exists in the DirectComposition functionality of the win32kbase.sys driver. A specially crafted sequence of syscalls can lead to a system reboot. An unprivileged user can run specially crafted code to trigger a denial of service (DoS).
Recommendations
For Windows 11 version 10.0.22000.593, update to a newer version that contains a fix for this issue.
For Windows Server 2022 version 10.0.20348.643, update to a newer version that contains a fix for this issue.
As a temporary workaround, consider restricting access to the win32kbase.sys driver to minimize the risk of exploitation.
Weakness Enumeration
NULL Pointer Dereference
Affected Products
Windows 11
Windows Server 2022