google-project-zero · Crawled Jul 5, 2026
A Deep Dive into the GetProcessHandleFromHwnd API
AI Summary
The article analyzes the evolution of the GetProcessHandleFromHwnd API in Windows, revealing security flaws that allowed privilege escalation and access to protected processes. Early versions used user-mode hooks, but a shift to kernel-mode handling in Windows 10 introduced a vulnerability enabling unrestricted process handle access when UIPI checks were bypassed. This was exploited to compromise protected processes like WerFaultSecure.exe, leading to CVE-2023-41772. Recent Windows 11 updates have mitigated the issue by enforcing stricter access checks and feature flags.