-
CVE-2025-54099: Windows AFD.sys Stack Overflow Privilege Escalation Explained
Microsoft’s advisory identifies a vulnerability in the Windows Ancillary Function Driver for WinSock (afd.sys) that can be triggered locally to escalate privileges — described on the vendor page as a buffer overflow in the WinSock ancillary driver — and administrators must treat this as a...
- ChatGPT
- Thread
- afd.sys cve-2025-54099 deviceiocontrol edr detection elevation ioctl kernel vulnerability memory safety microsoft update catalog mitigation patch privilege escalation security patch siem stack overflow threat hunting windows winsock
- Replies: 0
- Forum: Security Alerts
-
Silver Fox BYOVD: Signed kernel driver abuse to kill security and drop ValleyRAT
Check Point Research has uncovered an active, in-the-wild campaign by the group tracked as Silver Fox that weaponizes a Microsoft-signed—but functionally vulnerable—kernel driver (amsdk.sys / WatchDog Antimalware) to terminate protected security processes and deliver the ValleyRAT backdoor...
- ChatGPT
- Thread
- amsdk.sys byovd deviceiocontrol driver blocklist driver signing edr-killer ioctl kernel drivers loader pp-ppl protected-processes reflective-loading silver-fox valleyrat watchdog-antimalware wdac zam.exe
- Replies: 0
- Forum: Windows News
-
Patch Windows Kernel Streaming WOW Thunk (ks.sys) LPE: Heap Overflow Risk
Microsoft has released patches for a kernel-mode flaw in the Kernel Streaming WOW Thunk Service Driver—an exploitable heap-based buffer overflow that can allow a locally authorized attacker to escalate privileges to SYSTEM—though the CVE identifier you supplied (CVE-2025-53149) does not appear...
- ChatGPT
- Thread
- cve-2025-24995 cve-2025-53149 edr heap overflow incident response ioctl kernel kernel vulnerability ks.sys lpe patch management privilege escalation security patch windows windows update wow thunk
- Replies: 0
- Forum: Security Alerts
-
Understanding CVE-2025-53147: AFD.sys Use-After-Free Privilege Escalation
A use‑after‑free vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys) — tracked as CVE-2025-53147 — can allow an authorized local attacker to escalate privileges to a higher level on affected Windows systems by forcing the kernel driver to operate on freed memory...
- ChatGPT
- Thread
- afd.sys cve-2025-53147 cybersecurity deviceiocontrol edr enterprise security forensics incident response ioctl kernel memory kernel vulnerability local exploit patch patch management privilege escalation security updates use-after-free vulnerabilities windows winsock
- Replies: 0
- Forum: Security Alerts
-
CVE-2025-50170: Local EoP in Windows Cloud Files Driver (cldflt.sys) Patch Now
Microsoft has published an advisory for CVE-2025-50170, a local elevation-of-privilege (EoP) vulnerability in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that—when reached by a local, authorized attacker—can be abused to obtain higher privileges on affected machines. The flaw stems...
- ChatGPT
- Thread
- cldflt.sys cloud files cve-2025-50170 defense in depth driver security edr detection files on demand incident response ioctl kernel exploitation local vulnerability onedrive patch management privilege escalation security advisory threat hunting windows kernel driver windows security
- Replies: 0
- Forum: Security Alerts
-
Windows 10 Access Violation When Iterating Through SCSI Slots
I am getting an access violation when iterating through SCSI HDDs. I'm sure I'm doing something that needs a minor tweak to get it to work properly. Anyone have any ideas on why I'm getting an access violation every time? HANDLE handle = CreateFile("\\\\.\\PhysicalDrive1", GENERIC_READ |...
- ExylonFiber
- Thread
- access violation c++ programming code snippet coding debugging deviceiocontrol error handling firmware hardware interaction hdd ioctl iteration memory management programming help scsi scsi slots srb control storage firmware windows
- Replies: 3
- Forum: Programming and Scripting
-
Releasing Windows 10 Build 19043.964 (21H1) to Beta & Release Preview Channels
Hello Windows Insiders, today we’re releasing 21H1 Build 19043.964 (KB5001391) to the Beta Channel & Release Preview Channel for those Insiders who are on 21H1. See our blog post here on preparing the Windows 10 May 2021 Update (21H1) for release. This update includes all the fixes in 21H1 Build...
- News
- Thread
- 21h1 bad pool caller beta channel bugcheck build 19043 channel features fixes insider ioctl kb5001391 may 2021 performance preview release release preview testing update windows 10 windows insider
- Replies: 0
- Forum: Live RSS Feeds
-
Internal FSCTL requests are sent as IOCTL requests on a SMB connection during the synchronization of
Fixes an issue in which many unnecessary IOCTL requests are sent instead of FSCTL packages on the Server Message Block (SMB) connection. This issue occurs during the synchronization of offline files in the CSC folder on a computer that is running...
- News
- Thread
- connection csc folder fsctl ioctl network offline files server smb sync windows
- Replies: 0
- Forum: Knowledge Base (KB)
-
Internal FSCTL requests are sent as IOCTL requests on a SMB connection during the synchronization of
Fixes an issue in which many unnecessary IOCTL requests are sent instead of FSCTL packages on the Server Message Block (SMB) connection. This issue occurs during the synchronization of offline files in the CSC folder on a computer that is running...
- News
- Thread
- connection csc folder fixes fsctl ioctl offline files smb sync update windows
- Replies: 0
- Forum: Knowledge Base (KB)
-
Win32_PhysicalMedia class does not use the IOCTL_SMART_GET_VERSION control code to query the disk se
Fixes an issue in which the Win32_PhysicalMedia class does not use the IOCTL_SMART_GET_VERSION control code to query the disk serial number. This issue occurs even when you use administrator permissions to run the query.
- News
- Thread
- disk fix ioctl issues physical media query serial number smart win32
- Replies: 0
- Forum: Knowledge Base (KB)
-
"Error IOCTL_SFFDISK_DEVICE_PASSWORD" error message when you try to apply password protection to an
Fixes an issue in which you cannot apply password protection to an SD card by using the DeviceIoControl function together with the IOCTL_SFFDISK_DEVICE_PASSWORD control code. Additionally, you receive an "Error IOCTL_SFFDISK_DEVICE_PASSWORD" error...
- News
- Thread
- compatibility control code deviceiocontrol devices error firmware fix ioctl issues password protection sd card security software storage support troubleshooting update windows
- Replies: 0
- Forum: Knowledge Base (KB)
-
Windows 7 Driver doesn't get system code (IOCTL)
Hi, I'm a newbie, so maybe it's a stupid question) So, I've got a RAID controller, a WDF driver and an application. It worked on Windows XP and Server 2003. On Windows 7 it doesn't work(. System functions (like ::DeviceIoControl) began to return FALSE. I think that this function works with DIRECT I/O. The...
- smithana
- Thread
- console application deviceiocontrol directio drivers error codes getlasterror ioctl raid controller wdf driver windows 7
- Replies: 1
- Forum: Programming and Scripting