windows-kernel-exploits

C ★ 8.7k updated 5y ago

windows-kernel-exploits: a collection of Windows privilege escalation vulnerabilities

A community-maintained reference list of proof-of-concept exploit code for Windows kernel privilege escalation vulnerabilities, organized by CVE number and covering Windows XP through Windows 10 over nearly two decades.

Language: C · Setup: hard · Complexity: 3/5

This repository is a curated collection of proof-of-concept exploit code for Windows kernel privilege escalation vulnerabilities, maintained by the SecWiki security community. Privilege escalation refers to techniques that allow an attacker who already has limited access to a Windows system to gain administrator or full SYSTEM-level control over it.

Each entry in the list identifies the vulnerability by its CVE number or Microsoft Security Bulletin identifier, the associated Windows patch number, a brief description of the affected component, the Windows versions the flaw affects, and a link to working exploit code. The collection covers vulnerabilities going back to 2003 and includes entries through 2021, spanning almost two decades of Windows security issues.

The affected components cover a wide range of Windows internals: the Win32k graphics subsystem, kernel mode drivers, the SMB network file-sharing protocol, the Task Scheduler, RPC interfaces, the AFD networking driver, and the Windows Subsystem for Linux, among others. Many entries target older releases such as Windows XP, Server 2003, and Windows 7, though more recent vulnerabilities affecting Windows 10 and Server 2019 are also included.

The repository also links to a companion tool called Windows Exploit Suggester, which compares a system's currently installed patches against the vulnerability list and identifies which exploits might apply to that specific machine. This is a common step in penetration testing, where testers check whether a target is missing patches before attempting to escalate privileges.

The disclaimer in the README states the material should not be used for illegal purposes and is intended for security research. The README is written primarily in Chinese, with English identifiers for each vulnerability entry.