A threat actor is allegedly selling a zero-day Local Privilege Escalation (LPE) exploit targeting Windows 8.1, 10, and 11. This exploit purportedly leverages a race condition vulnerability in the Windows kernel, specifically designed for x64 systems. It claims to elevate the rights of any already running process to SYSTEM level.
For the latest Windows 11, the exploit is said to use the I/O Ring technique, while for older versions, it allegedly achieves elevation by overwriting the PreviousMode in the _KTHREAD structure. According to the seller, the exploit is written in C and developed using Visual Studio 2019. The sale package purportedly includes an exploit project and a test example that launches cmd.exe, elevating console rights after a short period. The compiled exploit’s size is approximately 16KB.
Details of the Claim:
- Target: Windows 8.1, 10, and 11
- Vulnerability: Race condition in the Windows kernel
- System Compatibility: x64 systems
- Implementation: C in Visual Studio 2019
- Functionality: Allegedly elevates rights to SYSTEM for any running process
- Exploit Techniques:
- Windows 11: I/O Ring technique
- Older versions: Overwriting PreviousMode in _KTHREAD
- Package Includes: Exploit project and test example
- Compiled Size: ~16KB
- Price: $150,000 in cryptocurrency
