WindowsKernelVuln/CVE-2023-1676/

DriverGenius, mydrivers64.sys, Arbitrary Kernel Execution

Vulnerability Info

Version

Impact

Arbitrary Kernel Execution

Description

Through IoControlCode 0x9C402088, a normal user can reach the driver's call to __writemsr, which can lead to arbitrary kernel execution.
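
Decoding the IoControlCode from the description shows which access right the I/O manager requires on the device handle before the request reaches the driver. This is an added example, not code from this repository or from the driver; the triage rule in `ioctl_needs_review` is an assumption of the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Windows I/O control code layout (as built by the CTL_CODE macro):
 * bits 31-16 device type, 15-14 required access, 13-2 function, 1-0 method. */
struct ioctl_fields {
    uint32_t device_type;
    uint32_t access;   /* 0 ANY, 1 READ, 2 WRITE, 3 READ|WRITE */
    uint32_t function;
    uint32_t method;   /* 0 BUFFERED, 1 IN_DIRECT, 2 OUT_DIRECT, 3 NEITHER */
};

struct ioctl_fields decode_ioctl(uint32_t code)
{
    struct ioctl_fields f;
    f.device_type = code >> 16;
    f.access      = (code >> 14) & 0x3;
    f.function    = (code >> 2) & 0xFFF;
    f.method      = code & 0x3;
    return f;
}

/* Triage rule (assumption of this example): flag codes for manual review
 * when the I/O manager enforces no access right on the handle
 * (FILE_ANY_ACCESS) or the driver receives raw user pointers
 * (METHOD_NEITHER). */
int ioctl_needs_review(uint32_t code)
{
    struct ioctl_fields f = decode_ioctl(code);
    return f.access == 0 || f.method == 3;
}

int main(void)
{
    static const char *access[] = { "FILE_ANY_ACCESS", "FILE_READ_ACCESS",
                                    "FILE_WRITE_ACCESS", "FILE_READ|WRITE_ACCESS" };
    static const char *method[] = { "METHOD_BUFFERED", "METHOD_IN_DIRECT",
                                    "METHOD_OUT_DIRECT", "METHOD_NEITHER" };
    uint32_t code = 0x9C402088u;   /* IoControlCode from the description */
    struct ioctl_fields f = decode_ioctl(code);

    printf("device=0x%X function=0x%X %s %s review=%d\n",
           (unsigned)f.device_type, (unsigned)f.function,
           access[f.access], method[f.method], ioctl_needs_review(code));
    return 0;
}
```

For 0x9C402088 the access field is FILE_ANY_ACCESS, so the I/O manager does not require read or write access on the handle. Any restriction has to come from the device object's ACL or from checks in the driver's dispatch routine.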

Reproduce

The attached file ArbitraryKernelExecution.zip contains writemsr.exe, writemsr.cpp, ArbitraryKernelExecution.cpp, DGSetup_Home_BZNR.exe, and mydrivers64.sys. writemsr.exe is the PoC that calls wrmsr on a system where DGSetup_Home_BZNR.exe, which contains the vulnerable driver mydrivers64.sys, is installed; writemsr.cpp is the source code of writemsr.exe.

To reproduce the issue, install DGSetup_Home_BZNR.exe and execute writemsr.exe. The system is expected to call __writemsr once writemsr.exe is executed.

To achieve arbitrary kernel execution, refer to the project https://git.back.engineering/_xeroxz/msrexec and replace main.cpp in the project with ArbitraryKernelExecution.cpp from the attachment.

Password for attachment: ArbitraryKernelExecution

https://drive.google.com/file/d/1kYCec3kYCzD9s2Vnclp_aW5jLneWqHC_/view?usp=sharing