Often, such vulnerabilities are combined with a user-mode vulnerability, achieving what is often called a local remote. However, kernel-mode vulnerabilities are primarily exploited locally - once access has been gained to a system in order to elevate privileges. User-mode vulnerabilities historically have been exploited remotely or through common desktop applications like browsers, office productivity suites, and PDF readers. It is also worth noting that each of these vulnerability classes can be located in user mode, kernel mode, and these days - the hypervisor. These bug classes have been and are still leveraged by adversaries and security researchers. Matt Miller of Microsoft gave a talk at BlueHat IL in 2019 outlining the top vulnerability classes since 2016: out-of-bounds read, use-after-free, type confusion and uninitialized use. Due to the layout in memory of various data types, this can lead to unexpected behavior.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |