Search the Community

On Microsoft Windows, the LUAFV driver has a race condition in the LuafvPostReadWrite callback if delay virtualization has occurred during a read leading to the SECTION_OBJECT_POINTERS value being reset to the underlying file resulting in elevation of privilege. View the full article

On Microsoft Windows, the LUAFV driver can confuse the cache and memory manager to replace the contents of privileged file leading to elevation of privilege. View the full article

On Microsoft Windows, the NtSetCachedSigningLevel system call can be tricked by the operation of LUAFV to apply a cached signature to an arbitrary file leading to a bypass of code signing enforcement under UMCI with Device Guard. View the full article

On Microsoft Windows, the LUAFV driver bypasses security checks to copy short names during file virtualization which can be tricked into writing an arbitrary short name leading to elevation of privilege. View the full article

On Microsoft Windows, the LUAFV driver doesn't take into account a virtualized handle being duplicated to a more privileged process resulting in elevation of privilege. View the full article

On Microsoft Windows, the LUAFV driver reuses the file's create request DesiredAccess parameter, which can include MAXIMUM_ACCESS, when virtualizing a file resulting in elevation of privilege. View the full article