July 16, 2025

Microsoft Graphics Component Windows 11 Pro (Build 26100+) – Local Elevation of Privileges

Author04 mins 


**Exploit Title : Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
**Author:** nu11secur1ty
**Date:** 07/11/2025

---

## Overview

This repository contains a PowerShell script to **validate whether a
Windows 11 system is vulnerable to CVE-2025-49744**—a critical local
privilege escalation vulnerability involving the `gdi32.dll` and
`win32kfull.sys` system components.

The script performs the following checks:

- Windows build number validation
- Installed hotfixes, focusing on July 2025 patches including **KB5039302**
- Binary timestamp verification of critical system files
- Safe, non-destructive GDI32 API interaction test

---

## PoC Validator
[href](https://raw.githubusercontent.com/nu11secur1ty/CVE-mitre/refs/heads/main/2025/CVE-2025-49744/Validate-CVE-2025-49744-PoC.ps1)

## Usage

1. Open **PowerShell as Administrator**.
2. Download or clone this repository to your system.
3. Run the script:

```powershell
.\Validate-CVE-2025-49744-PoC.ps1

## Output

[CVE-2025-49744 PoC Validator] by nu11secur1ty

[*] Windows Build Number: 26100

[*] July 2025 Hotfixes installed:
    -> KB5056579 (7/9/2025)
    -> KB5039302 (7/9/2025)

[*] Checking critical system binary timestamps:
    gdi32.dll: Version 10.0.26100.4484, Last Write Time: 7/9/2025
        [✓] Binary appears patched.

[*] Running safe GDI32 API interaction test...
    [+] GDI32 CreateSolidBrush succeeded (handle: 12345)

[✓] SYSTEM STATUS: Patched against CVE-2025-49744.
```

## Important Notes

- This script does not exploit or alter the system. It only performs
validation and safe API calls.
- Keep your system regularly updated with official Microsoft patches.
- Use this tool for awareness and compliance in your security assessments.

## License
MIT License (or specify your preferred license)

## References

- [CVE-2025-49744](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49744)
on MITRE
- Microsoft Security Bulletin - July 2025
- PowerShell documentation

## Video demo:
[href](https://www.youtube.com/watch?v=SR2pWoncfw4)

## Buy the real exploit:
[href](https://satoshidisk.com/pay/COq10D)

## Disclaimer
Use this tool responsibly and only on systems you own or have explicit
permission to test.


-- 

System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstorm.news/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Related News