Full title: Ancillary Function Driver (AFD) For Winsock Privilege Escalation Exploit 
Category: remote exploits
Platform: windows
A vulnerability exists in the Windows Ancillary Function Driver for Winsock (afd.sys) can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. Due to a flaw in AfdNotifyRemoveIoCompletion, it is possible to create an arbitrary kernel Write-Where primitive, which can be used to manipulate internal I/O ring structures and achieve local privilege escalation. This exploit only supports Windows 11 22H2 up to build 22621.963 (patched in January 2023 updates).

# 0day.today @ http://0day.today/