A trick, the story of CVE 2024 26230

Source provenance. Raw material catalogued for the wiki ingest pipeline. Lives offline at raw_sources/windows-exploit-research/A trick, the story of CVE-2024-26230.md.

Status: integrated Integrated into: CVE-2024-26230

Excerpt

In April 2024, Microsoft patched a use-after-free vulnerability in the telephony service, which I reported and assigned to CVE-2024-26230. I have already completed exploitation, employing an interesting trick to bypass XFG mitigation on Windows 11. Moving forward, in my personal blog posts regarding my vulnerability and exploi…