authors: chompie

For demonstration purposes only. Complete exploit works on vulnerable Windows 11 22H2 systems. Adapting the exploit to all vulnerable systems is left as an exercise to the reader. Git gud, etc.

Usage:

Windows_MSKSSRV_LPE_CVE-2023-6802.exe <pid>

where <pid> is the process ID (in decimal) of the process to elevate.

Should result in the target process being elevated to SYSTEM

The I/O Ring LPE primitive code is based on the I/ORing R/W PoC by Yarden Shafir

Blog post here