Blog

NT OS Kernel Information Disclosure Vulnerability – CVE-2025-53136

Microsoft mitigated many traditional kernel information leaks starting with Windows 11 24H2 (and the corresponding Windows Server 2025 release), including calls such as NtQuerySystemInformation() when used with the SystemModuleInformation class, by suppressing kernel base addresses unless the caller holds SeDebugPrivilege, a privilege typically reserved for administrative processes. That change effectively neutered one of the most accessible KASLR bypass techniques: without knowledge of the kernel's base addresses, exploitation became harder. While doing...
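The mitigation described above is easy to check for from a shell. The following script is an added example and not code from the Crowdfense post: it calls NtQuerySystemInformation(SystemModuleInformation) from the current token and reports whether ntoskrnl.exe comes back with a real ImageBase or a suppressed (zero) one. It assumes the information class value 11, the x64 field offsets of RTL_PROCESS_MODULES / RTL_PROCESS_MODULE_INFORMATION shown in the comments, and that the 24H2 mitigation zeroes ImageBase rather than failing the call.

```powershell
# Added example (not Crowdfense's code): probe whether NtQuerySystemInformation(SystemModuleInformation)
# still hands kernel image bases to the calling token on this host.
# Assumptions: SystemModuleInformation = 11, x64 structure layout as annotated below, and that the
# 24H2 mitigation reports ImageBase = 0 for callers without (enabled) SeDebugPrivilege.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class NtDll {
    [DllImport("ntdll.dll")]
    public static extern int NtQuerySystemInformation(int SystemInformationClass, IntPtr SystemInformation,
                                                      int SystemInformationLength, out int ReturnLength);
}
"@

function Get-KernelModuleBases {
    $SystemModuleInformation = 11

    # Sizing call with a NULL buffer: returns STATUS_INFO_LENGTH_MISMATCH (0xC0000004) and the needed length.
    $needed = 0
    [void][NtDll]::NtQuerySystemInformation($SystemModuleInformation, [IntPtr]::Zero, 0, [ref]$needed)
    if ($needed -le 0) { throw "sizing call did not return a buffer length" }

    $size = $needed + 0x1000   # slack in case a driver loads between the two calls
    $buf  = [Runtime.InteropServices.Marshal]::AllocHGlobal($size)
    try {
        $status = [NtDll]::NtQuerySystemInformation($SystemModuleInformation, $buf, $size, [ref]$needed)
        if ($status -ne 0) { throw ("NtQuerySystemInformation failed: 0x{0:X8}" -f $status) }

        # RTL_PROCESS_MODULES: ULONG NumberOfModules at 0, Modules[] at 8 (pointer-aligned on x64)
        $count     = [Runtime.InteropServices.Marshal]::ReadInt32($buf)
        $entrySize = 296   # sizeof(RTL_PROCESS_MODULE_INFORMATION) on x64
        for ($i = 0; $i -lt $count; $i++) {
            $e = [IntPtr]::Add($buf, 8 + $i * $entrySize)
            # RTL_PROCESS_MODULE_INFORMATION (x64 offsets): Section 0, MappedBase 8, ImageBase 16,
            # ImageSize 24, Flags 28, LoadOrderIndex 32, InitOrderIndex 34, LoadCount 36,
            # OffsetToFileName 38, FullPathName[256] 40
            $imageBase = [Runtime.InteropServices.Marshal]::ReadInt64($e, 16)
            $imageSize = [Runtime.InteropServices.Marshal]::ReadInt32($e, 24)
            $nameOff   = [Runtime.InteropServices.Marshal]::ReadInt16($e, 38)
            $fullPath  = [Runtime.InteropServices.Marshal]::PtrToStringAnsi([IntPtr]::Add($e, 40))
            [pscustomobject]@{
                Name      = $fullPath.Substring($nameOff)
                FullPath  = $fullPath
                ImageBase = $imageBase
                ImageSize = $imageSize
            }
        }
    } finally {
        [Runtime.InteropServices.Marshal]::FreeHGlobal($buf)
    }
}

$modules = Get-KernelModuleBases
$ntos = $modules | Where-Object { $_.Name -ieq 'ntoskrnl.exe' } | Select-Object -First 1
if ($null -eq $ntos) { throw "ntoskrnl.exe not found in the module list" }

if ($ntos.ImageBase -eq 0) {
    "ntoskrnl.exe ImageBase reported as 0: kernel addresses are suppressed for this token (24H2-style mitigation, no SeDebugPrivilege)"
} else {
    "ntoskrnl.exe ImageBase = 0x{0:X16} (size 0x{1:X}): the classic KASLR leak still works from this token" -f $ntos.ImageBase, $ntos.ImageSize
}
```

Run it once from a normal user shell and once from a process that holds SeDebugPrivilege to see the two behaviours side by side. The kernel performs a privilege check, so the privilege has to be enabled in the token, not merely present; an elevated shell that has not enabled SeDebugPrivilege (for example via AdjustTokenPrivileges) is expected to still see zeroed bases on a mitigated build.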

Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver – CVE-2025-53149

From time to time, while digging through internals during our research, we stumble upon quirks or vulnerabilities that, although not immediately useful for operations or exploitation, are still noteworthy. Rather than letting these findings fade away, we decided to responsibly disclose them to the vendor. One such case is CVE-2025-53149, a heap-based buffer overflow in the Kernel Streaming WOW Thunk...

CVE-2024-11477 – 7-Zip ZSTD Buffer Overflow Vulnerability

As part of our daily job in Crowdfense, we investigate and dive deep into recently disclosed vulnerabilities to determine their exploitability and, if possible, weaponise them. We maintain a curated list of n-days (N-day Vulnerability Intelligence Feed) for red and blue teams, aiding them in conducting their operations and APT simulation scenarios. As we routinely check for interesting...

Windows Wi-Fi Driver RCE Vulnerability – CVE-2024-30078

In June, during "Patch Tuesday", Microsoft released a fix for CVE-2024-30078. The severity of this vulnerability was marked as important, with its impact set to Remote Code Execution (RCE). After reading Microsoft's bulletin, this vulnerability piqued our interest. It seemed plausible for an unauthenticated attacker to send a malicious packet to an adjacent system, which could enable remote...

Windows AppLocker Driver LPE Vulnerability – CVE-2024-21338

When I initially interviewed candidates for CF's Windows Researchers position, one of the challenges I gave out was related to CVE-2024-21338, a Windows kernel elevation-of-privilege vulnerability, specifically an untrusted pointer dereference in the appid.sys driver. The driver is responsible for the AppLocker technology. Back then, this vulnerability became famous thanks to Avast's beautiful work on the...

Crowdfense – The challenge

A few months after joining the company, it is perhaps time for me to write something and inaugurate our blog. First, I want to express my gratitude to the readers who have ventured into our blog for the first time. I understand your anticipation for technical content, and I assure you that this non-technical post will only be a one-off....