Authored by James Forshaw, Google Security Research

The HTTP server implemented in HTTP.SYS on Windows handles authentication in a system thread which bypasses PAC verification leading to escalation of privilege.

advisories | CVE-2022-35756, CVE-2022-41057