Windows HTTP.SYS Kerberos PAC Verification Bypass / Privilege Escalation

December 9, 2022

Authored by James Forshaw, Google Security Research

The HTTP server implemented in HTTP.SYS on Windows handles authentication in a system thread which bypasses PAC verification leading to escalation of privilege.

advisories | CVE-2022-35756, CVE-2022-41057

Loading…

Here are the results for the search: "{{td_search_query}}"

No results!

{{post_title}}

RELATED ARTICLES

Palo Alto PAN-OS Command Execution / Arbitrary File Creation

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution

Gambio Online Webshop 4.9.2.0 Remote Code Execution