Enable build support by adding .buildspec.yml
| PoC | Loading last commit info... | |
| .gitattributes | ||
| LICENSE | ||
| README.md | ||
| report.md |
README.md
CVE-2023-36427
This repo contains the report and exploit of CVE-2023-36427, arbitrary physical memory corruption from the root partition on Windows. The details and exploit of the vulnerability are in the report sent to Microsoft.
Timeline
- July 2 - Sent a report to a friend of mine at Microsoft.
- July 11 - Received a reply from a member of the team responsible for the issue.
- August 8 - Received a proposal to make the disclosure date November 14.
- August 9 - Agreed with the proposal.
- November 14 - A fix released.
- November 15 - Disclosed the issue. Notified that the issue was eligile for a 2000 USD bounty award.
Thanks MSRC for transparent communication, the engineering team for fixing this on time, and Andrea (@aall86) for helping me share the issue and connecting with the right folks within Microsoft.