A serious Windows vulnerability may affect Web3 security; Microsoft has fixed the privilege escalation risk in earlier versions of the system.
Analysis of a Serious Microsoft Windows Vulnerability: Potential Threats to Web3 Security
Last month, Microsoft released a security patch fixing a Windows privilege escalation vulnerability that was being exploited in the wild. The vulnerability affects only earlier versions of Windows and cannot be triggered on Windows 11, but systems that have not received the patch remain exposed. This article analyzes how attackers can still exploit a vulnerability of this kind even as security mitigations continue to strengthen.
Our analysis was carried out in a Windows Server 2016 environment. Vulnerabilities of this kind, exploited before a fix is publicly available, are commonly called zero-days: attackers can abuse them undetected and cause significant harm. This system-level Windows vulnerability lets an attacker gain full control of the machine, and from there steal personal information, implant malware, or crash the system. In severe cases it endangers the Web3 ecosystem, which still runs on Web2 infrastructure.
Analysis of the patch shows that the root cause lies in the locking of window objects and menu objects in the win32k code. The pre-patch code locked only the window object and not its associated menu object, so the menu could be freed while the kernel still held a pointer to it, leaving a dangling (use-after-free) reference.
To trigger the vulnerability, we built a specially nested, multi-level menu structure and, at the critical moment, removed the reference relationships between some of the menus. When the kernel function returns to user mode during processing, one menu object is freed, and the kernel functions that run afterwards dereference the now-invalid object.
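The lock imbalance described in the two paragraphs above (only the window is locked, the menu is freed during the return to user mode, and the kernel then reads a reclaimed slot) is modelled below as an added example. It is not code from the original analysis and not win32k source: the object layout, the fixed-slot pool standing in for the desktop heap, the user callback and the item_count field are all assumptions made for the illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_SLOTS 4

/* Toy kernel object (assumed layout): windows and menus share this shape. */
typedef struct {
    uint32_t lock_count;   /* references held by kernel code paths */
    int      in_use;       /* is this pool slot allocated? */
    int      pending_free; /* destroyed while locked; released at last unlock */
    uint32_t item_count;   /* the field the kernel reads after the callback */
} kobj;

/* Fixed pool standing in for the desktop heap: freed slots are reused. */
static kobj pool[POOL_SLOTS];

static void pool_reset(void) { memset(pool, 0, sizeof pool); }

static kobj *kobj_alloc(uint32_t item_count) {
    for (int i = 0; i < POOL_SLOTS; i++) {
        if (!pool[i].in_use) {
            memset(&pool[i], 0, sizeof pool[i]);
            pool[i].in_use = 1;
            pool[i].item_count = item_count;
            return &pool[i];
        }
    }
    return NULL;
}

static void kobj_lock(kobj *o) { o->lock_count++; }

/* Dropping the last lock releases an object that was destroyed meanwhile. */
static void kobj_unlock(kobj *o) {
    if (--o->lock_count == 0 && o->pending_free) o->in_use = 0;
}

/* Destroy requested from user mode: deferred if locked, immediate otherwise. */
static void kobj_destroy(kobj *o) {
    if (o->lock_count > 0) { o->pending_free = 1; return; }
    o->in_use = 0;
}

/* The "critical moment": user-mode code that runs while the kernel routine
 * still holds its raw pointer to the menu. */
typedef void (*user_callback)(kobj *menu);

static void benign_callback(kobj *menu) { (void)menu; }

/* Attacker's callback: free the menu, then reclaim its slot with an object
 * whose fields the attacker controls (0x41414141 is a constructed marker). */
static void attacker_callback(kobj *menu) {
    kobj_destroy(menu);
    kobj_alloc(0x41414141u);
}

/* Pre-patch behaviour: only the window is locked. */
static uint32_t handle_menu_vuln(kobj *window, kobj *menu, user_callback cb) {
    kobj_lock(window);
    cb(menu);                          /* return to user mode */
    uint32_t n = menu->item_count;     /* stale pointer into a reused slot */
    kobj_unlock(window);
    return n;
}

/* Patched behaviour: the menu is locked too, so a destroy issued during the
 * callback is deferred until this routine is done with the object. */
static uint32_t handle_menu_fixed(kobj *window, kobj *menu, user_callback cb) {
    kobj_lock(window);
    kobj_lock(menu);
    cb(menu);
    uint32_t n = menu->item_count;
    kobj_unlock(menu);
    kobj_unlock(window);
    return n;
}

/* Set up a window and a 3-item menu, run one variant, return what it read. */
static uint32_t run_scenario(int patched, user_callback cb) {
    pool_reset();
    kobj *window = kobj_alloc(1);
    kobj *menu   = kobj_alloc(3);
    return patched ? handle_menu_fixed(window, menu, cb)
                   : handle_menu_vuln(window, menu, cb);
}

int main(void) {
    printf("pre-patch, hostile callback: item_count = 0x%08" PRIx32 "\n",
           run_scenario(0, attacker_callback));
    printf("patched,   hostile callback: item_count = 0x%08" PRIx32 "\n",
           run_scenario(1, attacker_callback));
    return 0;
}
```

In the pre-patch path the kernel reads 0x41414141, the value the attacker placed in the reclaimed slot; in the patched path the extra lock defers the free, the read returns the real item count of 3, and the menu is released only when the kernel drops its lock. Real exploitation differs in that the reclaimed slot is shaped to control a size field rather than a marker value, but the ordering problem is the same.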
Exploitation has two main steps: first, use the freed object to take control of a window's extra data size (the extended window bytes), and second, use that extended data to build a stable memory read/write primitive. We achieved the first write by carefully shaping the memory layout so that the freed slot borders objects whose data we could use.
In the end we obtained stable arbitrary kernel memory read and write, which is enough to replace the current process's token with a privileged one and so escalate privileges. The whole exploitation chain depends on the leak of desktop heap handle addresses, an information leak that remains a security risk on older systems.
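The token-replacement step mentioned above is shown here as an added example that is not the authors' exploit and not real kernel code: "kernel memory" is a byte array, the process-block layout (pid, token, next) is invented, and kread64/kwrite64 stand in for the arbitrary read/write primitive the text describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KMEM_SIZE 4096
static uint8_t kmem[KMEM_SIZE];   /* simulated kernel address space */

/* Hypothetical process block; the real EPROCESS layout is version-specific. */
struct proc {
    uint64_t pid;
    uint64_t token;  /* pointer-sized token reference */
    uint64_t next;   /* offset of the next process block (0 = end of list) */
};

/* The primitives an exploit ends up with: read or write 8 bytes anywhere. */
static uint64_t kread64(uint64_t off) {
    uint64_t v;
    memcpy(&v, kmem + off, sizeof v);
    return v;
}
static void kwrite64(uint64_t off, uint64_t v) { memcpy(kmem + off, &v, sizeof v); }

/* Constructed sample: System (pid 4), a service, and the attacker's process. */
static void build_process_list(void) {
    struct proc list[3] = {
        { 4,    0xffff8000aaaa0000ull, 0x100 },
        { 1234, 0xffff8000bbbb0000ull, 0x200 },
        { 5678, 0xffff8000cccc0000ull, 0 },
    };
    memset(kmem, 0, sizeof kmem);
    memcpy(kmem + 0x000, &list[0], sizeof list[0]);
    memcpy(kmem + 0x100, &list[1], sizeof list[1]);
    memcpy(kmem + 0x200, &list[2], sizeof list[2]);
}

/* Walk the list with the read primitive only; UINT64_MAX means not found. */
static uint64_t find_proc(uint64_t pid) {
    for (uint64_t off = 0; ; off = kread64(off + offsetof(struct proc, next))) {
        if (kread64(off + offsetof(struct proc, pid)) == pid) return off;
        if (kread64(off + offsetof(struct proc, next)) == 0) return UINT64_MAX;
    }
}

static uint64_t token_of(uint64_t pid) {
    uint64_t p = find_proc(pid);
    return p == UINT64_MAX ? 0 : kread64(p + offsetof(struct proc, token));
}

/* Copy System's token reference over the target's: afterwards the target
 * runs in System's security context. Returns the target's new token, or 0. */
static uint64_t steal_token(uint64_t target_pid) {
    uint64_t sys = find_proc(4), tgt = find_proc(target_pid);
    if (sys == UINT64_MAX || tgt == UINT64_MAX) return 0;
    uint64_t sys_token = kread64(sys + offsetof(struct proc, token));
    kwrite64(tgt + offsetof(struct proc, token), sys_token);
    return kread64(tgt + offsetof(struct proc, token));
}

int main(void) {
    build_process_list();
    printf("before: %#llx\n", (unsigned long long)token_of(5678));
    steal_token(5678);
    printf("after:  %#llx\n", (unsigned long long)token_of(5678));
    return 0;
}
```

On a real system the process list is found through kernel structures rather than a flat array, the offsets depend on the Windows build, and the token field is an EX_FAST_REF whose low bits carry a reference count, so exploits copy the whole value rather than constructing a pointer. The point of the simulation is only that, once read and write are arbitrary, the final privilege escalation step is a single list walk and one 8-byte write.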
Overall, even though Microsoft is rewriting win32k code in Rust to eliminate this class of bug, existing systems remain exposed. Going forward, detection of abnormal memory operations should be strengthened to catch similar vulnerabilities, and the leak of desktop heap handle addresses needs to be closed for good to improve the overall security of the system.