{"uuid": "297db88a-006a-48e8-8b0d-b77ed45c4997", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-0792", "type": "published-proof-of-concept", "source": "https://t.me/techpwnews/612", "content": "How a Deceptive Assert Caused a Critical Windows Kernel Vulnerability\n\nIn a software update released in November 2019, a tiny code change to the Windows kernel driver win32kfull.sys introduced a significant vulnerability. The code change ought to have been harmless. On the face of it, the change was just the insertion of a single assert-type function call to guard against certain invalid data in a parameter. In this article, we\u2019ll dissect the relevant function and see what went wrong. This bug was reported to us by anch0vy@theori and kkokkokye@theori, and was patched by Microsoft in February 2020 as CVE-2020-0792.\nUnderstanding the Function\nBefore examining the code change that caused the v...\n\nContinue reading at Zero Day Initiative - Blog", "creation_timestamp": "2020-05-09T23:41:12.000000Z"}