LOLDrivers icon indicating copy to clipboard operation
LOLDrivers copied to clipboard

Published 20 hours ago verified publisher icon magicsword-io

FanControl.sys

Open n4skx opened this issue 5 months ago • 0 comments

Samples: https://www.virustotal.com/gui/file/11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5

Related to WinRing0.sys. Vulnerable functions are few IOCTLs which allows arbitrary memory read and write, and arbitrary msr read and write.

This driver allows:

  • Privilege escalation
  • EDR/AV tampering
  • Arbitrary kernel function calls

n4skx avatar Sep 06 '24 17:09 n4skx