some life issues and was unable to respond to it so I decided to give
more time before disclosure in this case.
I've sent him a quick email now too to point at this thread in case
he manages to release an official patch any time soon.
I tried quite hard to contact the vendor but without success, then I decided to release all the details and a fix.
I think the CVE I got should be rejected and marked as duplicate, but I don't know how to handle situations like this.
In the meantime, do you want me to put your name in the credits on my website?
I actually reported this vulnerability to the vendor at the beginning
of this year. I also got the following CVEID assigned for it in
I was waiting on the vendor to patch the vulnerability since then
before I publish the details.
TL;DR: Abusing enabled token privileges through a kernel exploit to gain EoP won't be enough anymore, as from NT kernel version 10.0.15063 they are 'checked' against the privileges present in the token of the calling process. So you will need two writes.