After successfully identifying multiple vulnerabilities in macOS, the research team at Computest Security has now found a significant vulnerability in Windows 11. This discovery contributes to making the Windows operating system more secure.
Full Access
The research team began their investigation into Windows to gain more insight into the system's security layers. During this research, they initially discovered a different vulnerability. However, an additional security measure prevented this vulnerability from being exploited. Once the team managed to bypass this measure, they found that the original vulnerability had already been patched. However, the bypass itself proved useful in other areas. The vulnerability reported to Microsoft by ethical hackers Thijs Alkemade, Daan Keuper, and Khaled Nassar allowed attackers to gain elevated privileges within the operating system and start unauthorized applications. By combining all the steps, an attacker could gain access to all (sensitive) data on the system.
Update Windows
The vulnerability in Windows was patched during 'Patch Tuesday' on April 9th. We advise everyone who has not yet installed the latest Windows updates to do so as soon as possible. Malicious hackers have had the opportunity to analyze what has changed and which vulnerabilities have been fixed since the update was released. Therefore, it is crucial to implement software updates immediately.
Technical information
Now that the vulnerability has been patched, the Computest Security research team has published the technical details. In the latest write-up, Alkemade, Keuper, and Nassar explain how they conducted their work and the process behind their findings.
Award-winning hacks
The research into Windows is part of an impressive track record. Thijs Alkemade, Daan Keuper, and Khaled Nassar focus entirely on security research in their dedicated lab at Computest Security. They have already achieved several award-winning hacks. For instance, Alkemade and Keuper have won the international hacking competition Pwn2Own three times by hacking Zoom, demonstrating vulnerabilities in industrial systems and charging stations. They have also exposed vulnerabilities in various cars from the Volkswagen Group.
- Read more technical details about the Windows 11 vulnerability and the research in this blog.