A recently patched security flaw in Microsoft Windows allowed threat actors to exploit a vulnerability in the Win32k component and gain elevated privileges on affected systems. The vulnerability, known as CVE-2023-29336, was rated 7.8 in severity. Microsoft warned that successful exploitation could result in an attacker gaining SYSTEM privileges. Avast researchers were credited with discovering and reporting the flaw. The flaw relied on a leaked kernel handle address in the heap memory to achieve a read-write primitive. Numen Cyber, a Singapore-based cybersecurity company, deconstructed the patch and developed a proof-of-concept exploit for Windows Server 2016. They noted that Microsoft has attempted to refactor the vulnerable code using Rust in the latest Windows 11 preview version, potentially eliminating similar vulnerabilities in the future. Numen Cyber specializes in OS-level security attack and defense capabilities, focusing on addressing the unique security challenges of Web3.