Xigncode3 Anti Cheat
Monthly
Local privilege escalation in Wellbia XIGNCODE3 anti-cheat driver (xhunter1.sys) allows any low-privileged user process to obtain a PROCESS_ALL_ACCESS handle to arbitrary processes by sending the IRP_MJ_REITS command to the kernel driver. Because XIGNCODE3 is bundled with many online games and runs with kernel privileges, a local attacker on an affected gaming system can hijack high-integrity processes including LSASS. Publicly available exploit code exists in the form of a detailed write-up, though EPSS exploitation probability remains very low at 0.02%.
Local privilege escalation in Wellbia XIGNCODE3 anti-cheat driver (xhunter1.sys) allows any low-privileged user process to obtain a PROCESS_ALL_ACCESS handle to arbitrary processes by sending the IRP_MJ_REITS command to the kernel driver. Because XIGNCODE3 is bundled with many online games and runs with kernel privileges, a local attacker on an affected gaming system can hijack high-integrity processes including LSASS. Publicly available exploit code exists in the form of a detailed write-up, though EPSS exploitation probability remains very low at 0.02%.