Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges

EDB-ID:

52362

CVE:

2025-49744

EDB Verified:

Author:

nu11secur1ty

Type:

local

Exploit:   /  

Platform:

Windows

Date:

2025-07-16

Vulnerable App: 
**Exploit Title : Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
**Author:** nu11secur1ty
**Date:** 07/11/2025

---

## Overview

This repository contains a PowerShell script to **validate whether a
Windows 11 system is vulnerable to CVE-2025-49744**—a critical local
privilege escalation vulnerability involving the `gdi32.dll` and
`win32kfull.sys` system components.

The script performs the following checks:

- Windows build number validation
- Installed hotfixes, focusing on July 2025 patches including **KB5039302**
- Binary timestamp verification of critical system files
- Safe, non-destructive GDI32 API interaction test

---

## PoC Validator
[href](https://raw.githubusercontent.com/nu11secur1ty/CVE-mitre/refs/heads/main/2025/CVE-2025-49744/Validate-CVE-2025-49744-PoC.ps1)

## Usage

1. Open **PowerShell as Administrator**.
2. Download or clone this repository to your system.
3. Run the script:

```powershell
.\Validate-CVE-2025-49744-PoC.ps1

## Output

[CVE-2025-49744 PoC Validator] by nu11secur1ty

[*] Windows Build Number: 26100

[*] July 2025 Hotfixes installed:
    -> KB5056579 (7/9/2025)
    -> KB5039302 (7/9/2025)

[*] Checking critical system binary timestamps:
    gdi32.dll: Version 10.0.26100.4484, Last Write Time: 7/9/2025
        [✓] Binary appears patched.

[*] Running safe GDI32 API interaction test...
    [+] GDI32 CreateSolidBrush succeeded (handle: 12345)

[✓] SYSTEM STATUS: Patched against CVE-2025-49744.
```

## Important Notes

- This script does not exploit or alter the system. It only performs
validation and safe API calls.
- Keep your system regularly updated with official Microsoft patches.
- Use this tool for awareness and compliance in your security assessments.

## License
MIT License (or specify your preferred license)

## References

- [CVE-2025-49744](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49744)
on MITRE
- Microsoft Security Bulletin - July 2025
- PowerShell documentation

## Video demo:
[href](https://www.youtube.com/watch?v=SR2pWoncfw4)

## Buy the real exploit:
[href](https://satoshidisk.com/pay/COq10D)

## Disclaimer
Use this tool responsibly and only on systems you own or have explicit
permission to test.


-- 

System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstorm.news/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services