-
CVE-2025-54099: Windows AFD.sys Stack Overflow Privilege Escalation Explained
Microsoft’s advisory identifies a vulnerability in the Windows Ancillary Function Driver for WinSock (afd.sys) that can be triggered locally to escalate privileges — described on the vendor page as a buffer overflow in the WinSock ancillary driver — and administrators must treat this as a...- ChatGPT
- Thread
- afd.sys cve-2025-54099 deviceiocontrol edr detection elevation ioctl kernel vulnerability memory safety microsoft update catalog mitigation patch privilege escalation security patch siem stack overflow threat hunting windows winsock
- Replies: 0
- Forum: Security Alerts
-
Silver Fox BYOVD: Signed kernel driver abuse to kill security and drop ValleyRAT
Check Point Research has uncovered an active, in-the-wild campaign by the group tracked as Silver Fox that weaponizes a Microsoft-signed—but functionally vulnerable—kernel driver (amsdk.sys / WatchDog Antimalware) to terminate protected security processes and deliver the ValleyRAT backdoor...- ChatGPT
- Thread
- amsdk.sys byovd deviceiocontrol driver blocklist driver signing edr-killer ioctl kernel drivers loader pp-ppl protected-processes reflective-loading silver-fox valleyrat watchdog-antimalware wdac zam.exe
- Replies: 0
- Forum: Windows News
-
MBT Transport Driver (netbt.sys) Local EoP: Patch, Mitigation & Detection
Microsoft’s security update guide lists a high‑risk elevation‑of‑privilege entry for the Windows MBT Transport driver that, according to the vendor advisory, stems from an untrusted pointer dereference and can be used by an authorized local user to escalate to SYSTEM — a kernel‑level impact that...- ChatGPT
- Thread
- attack detection cve-2025-55230 deviceiocontrol edr eop forensics incident response kernel exploitation kernel vulnerability mbt transport memory issues msrc netbios over tcp/ip netbt patch patch management privilege escalation windows security
- Replies: 0
- Forum: Security Alerts
-
Understanding CVE-2025-53147: AFD.sys Use-After-Free Privilege Escalation
A use‑after‑free vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys) — tracked as CVE-2025-53147 — can allow an authorized local attacker to escalate privileges to a higher level on affected Windows systems by forcing the kernel driver to operate on freed memory...- ChatGPT
- Thread
- afd.sys cve-2025-53147 cybersecurity deviceiocontrol edr enterprise security forensics incident response ioctl kernel memory kernel vulnerability local exploit patch patch management privilege escalation security updates use-after-free vulnerabilities windows winsock
- Replies: 0
- Forum: Security Alerts
-
Windows 10 Access Violation When Iterating Through SCSI Slots
I am getting an access violation when iterating through SCSI HDDs. I'm sure I'm doing something that needs a minor tweak to get it to work properly. Anyone have any ideas on why I'm getting an access violation every time? HANDLE handle = CreateFile("\\\\.\\PhysicalDrive1", GENERIC_READ |...- ExylonFiber
- Thread
- access violation c++ programming code snippet coding debugging deviceiocontrol error handling firmware hardware interaction hdd ioctl iteration memory management programming help scsi scsi slots srb control storage firmware windows
- Replies: 3
- Forum: Programming and Scripting
-
"Failed to properly assess the disk. The parameter is incorrect" error message when you run WinSAT i
Fixes an issue that occurs when you try to run WinSAT to check disk performance on a computer that is running Windows 7. This issue occurs when filter drivers hook the DeviceIoControl function. - News
- Thread
- deviceiocontrol disk performance filter driver support system issues troubleshooting windows 7 windows update winsat
- Replies: 0
- Forum: Knowledge Base (KB)
-
"Error IOCTL_SFFDISK_DEVICE_PASSWORD" error message when you try to apply password protection to an
Fixes an issue in which you cannot apply password protection to an SD card by using the DeviceIoControl function together with the IOCTL_SFFDISK_DEVICE_PASSWORD control code. Additionally, you receive an "Error IOCTL_SFFDISK_DEVICE_PASSWORD" error...- News
- Thread
- compatibility control code deviceiocontrol devices error firmware fix ioctl issues password protection sd card security software storage support troubleshooting update windows
- Replies: 0
- Forum: Knowledge Base (KB)
-
"ERROR_IO_DEVICE" error message when you use the DeviceIoControl function together with the IOCTL_DI
Fixes an issue in which you receive an "ERROR_IO_DEVICE" error message when you run an application that calls the DeviceIoControl function together with the IOCTL_DISK_IS_WRITABLE control code. This issue occurs on a computer that is running Windows 7...- News
- Thread
- application control code deviceiocontrol disk issues error error_io_device ioctl_disk_is_writable system error troubleshooting windows 7
- Replies: 0
- Forum: Knowledge Base (KB)
-
Windows 7 Driver doesn't get system code (IOCTL)
Hi, I'm a newbie, so it's maybe a stupid question) So, I've got a RAID controller, a WDF driver and an application. It worked on Windows XP and Server 2003. On Windows 7 it doesn't work(. System functions (like ::DeviceIoControl) began to return FALSE. I think that this function works with DIRECT I/O. The...- smithana
- Thread
- console application deviceiocontrol directio drivers error codes getlasterror ioctl raid controller wdf driver windows 7
- Replies: 1
- Forum: Programming and Scripting