LPE

Disclaimer I started working on this post some time ago, and the new research/stuff was announced in between. I will not address SysWhispers3, very recent technique of Resolving SSN using Exception Directory and many others.

I’d like to share the details of CVE-2021-26415 (CVSSv3.0: 7.8) vulnerability that was patched on 2021-04-13. I found this bug somewhere around October 2020 and worked with Trend Micro’s Zero Day Initiative to report it to Microsoft.