CVE-2023-21768 PoC — Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Source

https://github.com/chompie1337/Windows_LPE_AFD_CVE-2023-21768

Associated Vulnerability

Title:Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CVE-2023-21768)
Description:Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Description

LPE exploit for CVE-2023-21768

Readme

# CVE-2023-21768 Local Privilege Escalation POC

authors: [chompie](https://twitter.com/chompie1337) & [b33f](https://twitter.com/FuzzySec)

For demonstration purposes only. Complete exploit works on vulnerable Windows 11 22H2 systems. 
Write primitive works on all vulnerable systems.

Usage:

```
Windows_AFD_LPE_CVE-2023-21768.exe <pid>
```

where `<pid>` is the process ID (in decimal) of the process to elevate.

Should result in the target process being elevated to SYSTEM


The I/O Ring LPE primitive code is based on the I/ORing R/W [PoC](https://github.com/yardenshafir/IoRingReadWritePrimitive) by [Yarden Shafir](https://twitter.com/yarden_shafir)

Blog post [here](https://securityintelligence.com/posts/patch-tuesday-exploit-wednesday-pwning-windows-ancillary-function-driver-winsock/)

File Snapshot


 [4.0K]  /data/pocs/a6d50125007287f9e076f0a449a8ada4fdd797bf
├── [ 798]  README.md
├── [4.0K]  Windows_AFD_LPE_CVE-2023-21768
│   ├── [6.2K]  exploit.c
│   ├── [2.3K]  ioring.h
│   ├── [8.0K]  ioring_lpe.c
│   ├── [7.0K]  win_defs.h
│   ├── [6.7K]  Windows_AFD_LPE_CVE-2023-21768.vcxproj
│   └── [1.3K]  Windows_AFD_LPE_CVE-2023-21768.vcxproj.filters
└── [1.5K]  Windows_AFD_LPE_CVE-2023-21768.sln

1 directory, 8 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!