Vulnerability Discovery in Windows Bloatware
Author: Off By One Security
Uploaded: 2025-10-18
Views: 1526
Bloatware. We all hate it, and most of us are good at avoiding it. But some vendor tools – especially those managing critical drivers – can be useful when the Windows Update versions aren’t good enough for performance-critical computing.
What started as a routine driver update took a sharp turn when I confirmed a reboot modal… from my browser. Wait, my browser shouldn’t be able to do that!? To my disappointment (and maybe some surprise), it turned out to be arbitrary code execution – right from the browser. This kicked off a week-long deep dive, uncovering seven CVEs in seven days across several prominent vendors, all exploiting a common pattern: privileged services managing software on Windows with little regard for security.
In this stream, I’ll walk through the journey of discovery and exploitation of some of the vulnerabilities that lead to LPE/RCE. I'll cover everything from the initial attack surface discovery, reverse engineering and finally exploitation of several vulnerabilities. By the end, participants will probably be uninstalling similar software mid-session. While the exploitation journey is fun and impactful, this isn’t the kind of “access everywhere” anyone wants. It’s 2025 – we have everything we need to do better.