Discovering 20 Year Old Vulnerabilities in Modern Windows Kernel presented at BlackHatEurope 2020

by Rancho Han

Summary: With continuous upgrades by Microsoft, the latest Windows 10 version has become more and more powerful and supports more and more features. On the other hand, certain components have always existed in the Windows system, such as the printer driver. The function of the print driver consists of the GDI kernel and the user-mode printer driver. The printer driver is so old that, as it turned out, few people paid attention to its security issues. However, the interaction between the UMPD (user-mode printer driver) and the GDI kernel created a big attack surface. This talk presents how we found some novel and unique vulnerabilities in ancient Windows code. In particular, we designed a special fuzzer for the user-mode print driver, which effectively found multiple vulnerabilities in the Windows graphics kernel. We will introduce the design ideas and implementation techniques used in the fuzzer, and disclose the details of the two fixed vulnerabilities to reveal in depth the security impact of the UMPD attack surface.