Patch Tuesday -- Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours
This blog post discusses the exploitation of a vulnerability in the Windows Ancillary Function Driver for Winsock (afd.sys) for Local Privilege Escalation (LPE) on Windows 11. The vulnerability was discovered by analyzing the differences between the December 2022 and January 2023 versions of the driver. The analysis used Ghidra to create binary exports of both versions, which were then compared in BinDiff. The exploit code for the vulnerability can be found online.

CVEs: CVE-2023-21768, CVE-2021-41073

[View Article](https://securityintelligence.com/posts/patch-tuesday-exploit-wednesday-pwning-windows-ancillary-function-driver-winsock/)