Elevated Privileges Risk: Integer Overflow in Windows 11

A critical security vulnerability has been identified in Windows 11 version 23H2, specifically within the ksthunk.sys driver, which facilitates communication between 32-bit and 64-bit processes. This flaw, an integer overflow in the CKSAutomationThunk::ThunkEnableEventIrp function, allows local attackers to escalate their privileges to SYSTEM level.

The vulnerability was demonstrated at the TyphoonPWN 2024 event, where it secured second place. It exploits improper buffer size calculations, leading to a heap overflow that attackers can manipulate to execute arbitrary code with elevated privileges.
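The bug class described above, shown as an added illustration (this is not code from ksthunk.sys or from the researchers): a 32-bit buffer size calculation that wraps, next to a checked version that fails closed. The header size, alignment, function names and input value are assumptions chosen for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for illustration; not taken from the driver. */
#define HDR_SIZE 0x18u
#define ALIGN    8u

/* Unchecked: 32-bit arithmetic wraps silently, so a very large
   caller-supplied length produces a very small allocation size. */
uint32_t alloc_size_unchecked(uint32_t in_len, uint32_t out_len)
{
    return (in_len + out_len + HDR_SIZE + (ALIGN - 1)) & ~(ALIGN - 1);
}

/* Adds b to *acc, refusing the operation if the result would wrap. */
static bool add_u32(uint32_t *acc, uint32_t b)
{
    if (*acc > UINT32_MAX - b) return false;
    *acc += b;
    return true;
}

/* Checked: fails closed if any step of the calculation would wrap. */
bool alloc_size_checked(uint32_t in_len, uint32_t out_len, uint32_t *total)
{
    uint32_t sum = in_len;
    if (!add_u32(&sum, out_len) || !add_u32(&sum, HDR_SIZE) ||
        !add_u32(&sum, ALIGN - 1))
        return false;
    *total = sum & ~(ALIGN - 1);
    return true;
}

/* True when a buffer of alloc bytes holds the header plus in_len bytes. */
bool copy_fits(uint32_t alloc, uint32_t in_len)
{
    return (uint64_t)HDR_SIZE + in_len <= alloc;
}

int main(void)
{
    uint32_t in_len = 0xFFFFFFF0u, total = 0;   /* constructed input */
    uint32_t wrapped = alloc_size_unchecked(in_len, 0);
    printf("unchecked size: %u, copy fits: %d\n", (unsigned)wrapped, copy_fits(wrapped, in_len));
    printf("checked accepts: %d\n", alloc_size_checked(in_len, 0, &total));
    return 0;
}
```

With the constructed input, the unchecked calculation returns an 8-byte size for a request of nearly 4 GiB, which is the mismatch between allocation and copy length that produces a heap overflow; the checked version rejects the request before any allocation happens.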

Despite Microsoft’s assertion that the issue was a duplicate of a previously fixed vulnerability, security researchers have found it remains exploitable in the latest Windows 11 version 23H2. Microsoft has not provided specific patch details or a CVE number for this flaw.

Users are advised to keep their systems updated with the latest security patches, exercise caution when running untrusted applications, and monitor for unusual system behavior to mitigate potential exploitation.

Source: Cybersecurity News
