CVE-2022-22715 WINDOWS DIRTY PIPE Writeup with Exploit

In February 2022, Microsoft patched a vulnerability that was first demonstrated at TianfuCup 2021 for escaping the Adobe Reader sandbox; it was assigned CVE-2022-22715. The vulnerability had existed in the Named Pipe File System for nearly 10 years, since AppContainer was introduced. It was named “Windows Dirty Pipe”.
In this article, I will share the root cause and exploitation of Windows Dirty Pipe. So let’s start our journey.

Root Cause of Windows Dirty Pipe

The vulnerability existed in the Named Pipe File System driver, npfs.sys, and the affected function is npfs!NpTranslateContainerLocalAlias. When we invoke NtCreateFile with a named pipe path, the request hits the IRP_MJ_CREATE major function of npfs, which is NpFsdCreate.

Check The POC Video

You can read the full technical details here and get the POC exploit code on GitHub.

Written by SH
