As part of January Patch Tuesday, Microsoft fixed a dangerous 0-day privilege escalation vulnerability for which a PoC exploit is available online.
The vulnerability is already being exploited in attacks by highly skilled hacker groups.
The exploit was published by Piiano founder and CEO Gil Dabah, who discovered the vulnerability two years ago.
Dabah said he chose not to report his discovery to Microsoft because it was very difficult to get paid through its vulnerability bounty program.
The vulnerability, identified as CVE-2022-21882, could allow an attacker to elevate privileges on the local system.
Microsoft credited RyeLv as the researcher who discovered the vulnerability. The researcher submitted his description of the type confusion (input type mismatch) vulnerability in Win32k.sys on January 13, 2022.
Investment in the bounty program was also the top recommendation in RyeLv's technical analysis for Microsoft. He also described how to "kill the bug class":
As a reminder, we also reported that Zerodium offers up to $400,000 for Microsoft Outlook exploits, and that Google is assembling a team of experts to find bugs in Android applications.