Windows Service

Exploiting the Windows AppXSvc Service Logic-Error Vulnerability

CVE-2021-34462 is a logic-error vulnerability in the Windows AppXSvc service, which provides infrastructure support for deploying Store applications in Windows. Tao Yan used this vulnerability to win the Windows EoP category at Pwn2Own 2021 [1]. The technical details were subsequently presented at BlackHat Europe 2021 [2] and are a very good read. This blog post documents our analysis of the vulnerability and our exploit development effort for CVE-2021-34462.

First, we discuss the root-cause analysis of this vulnerability. Then we describe how it can be reliably exploited to escalate user privileges and obtain NT AUTHORITY\SYSTEM.