Vulnerabilities | Apr 22, 2026

WHQL-signed Windows kernel driver that hands any user-mode caller an arbitrary memory read primit...

WHQL-signed Windows kernel driver exposes arbitrary memory read primitive to user-mode processes.

Summary

A Windows kernel driver signed under Microsoft's WHQL certification has been found to expose an arbitrary memory read primitive to any user-mode caller, with no ACL restricting access. The vulnerability lets attackers read kernel memory and extract credentials from LSASS, which makes it particularly dangerous for credential theft. The driver exposes the kernel page-table root, effectively bypassing security boundaries.

Entities

Microsoft (vendor), Windows Kernel (technology), WHQL (technology)