ProbeForWrite

MS08-066 : Catching and fixing a ProbeForRead / ProbeForWrite bypass

The driver afd.sys is responsible for handling socket connections.  MS08-066 addresses several vulnerabilities in afd.sys that could allow an attacker to execute arbitrary code in kernel mode. These vulnerabilities can only be exploited locally and there is no remote vector from our investigations. One of these vulnerabilities involves a ProbeForRead / ProbeForWrite bypass when using …

MS08-066 : Catching and fixing a ProbeForRead / ProbeForWrite bypass Read More »