{"vulnerability": "CVE-2026-20817", "sightings": [{"uuid": "3fe9c86a-de94-4f5e-8eb4-a6528eca1c29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3melv5qoewh2w", "content": "", "creation_timestamp": "2026-02-11T16:22:32.799464Z"}, {"uuid": "acfa0599-59ec-403a-986a-b1d36cb85c50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mfa4q7z7wz2m", "content": "", "creation_timestamp": "2026-02-19T17:31:23.522733Z"}, {"uuid": "5abfb87c-7f0a-49d8-95a9-bf937a2eb1ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/co11ateral.bsky.social/post/3mfepziijds2s", "content": "", "creation_timestamp": "2026-02-21T13:27:50.045204Z"}, {"uuid": "27b623c5-fef3-4f6e-a1e6-bb6a6ee5b2bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3mg6e5xtgwc2m", "content": "", "creation_timestamp": "2026-03-03T18:04:14.612579Z"}, {"uuid": "658ec036-9589-432b-b460-8876095be48d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mg3gnw6b4z2w", "content": "", "creation_timestamp": "2026-03-02T14:10:56.489945Z"}, {"uuid": "582c3675-4363-4446-8273-34ebe19e4515", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3melv5rfpne2t", "content": "", "creation_timestamp": "2026-02-11T16:22:33.721898Z"}, {"uuid": "60aea74d-dd67-4cda-b6f5-9cb99d718b20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mf77hkpvuh2d", "content": "", "creation_timestamp": "2026-02-19T08:47:34.744754Z"}, {"uuid": "fc7dc113-ded0-4ef6-a5e5-f7d533dad18e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3meiqrhtdni2d", "content": "", "creation_timestamp": "2026-02-10T10:26:06.552229Z"}, {"uuid": "c7bdec5c-7610-4031-968e-563a3a93246e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3meiy4ujtf322", "content": "", "creation_timestamp": "2026-02-10T12:37:45.667550Z"}, {"uuid": "b1041848-f021-4932-934e-4d38fb1907c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/oxfemale.bsky.social/post/3mf5bbnqepu2c", "content": "", "creation_timestamp": "2026-02-18T14:14:44.647650Z"}, {"uuid": "e0327907-3ec5-45c6-a100-fd4df92fbf76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/116046021324775284", "content": "", "creation_timestamp": "2026-02-10T11:09:21.314327Z"}, {"uuid": "f6a9dc82-64bb-423f-9ba7-d694989167f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mg5nrda5so2z", "content": "", "creation_timestamp": "2026-03-03T11:23:26.471638Z"}, {"uuid": "5457f889-27e7-4c60-bdf5-3fdf03ba4dbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://threatintel.cc/2026/02/10/windows-error-reporting-flaw-allows.html", "content": "", "creation_timestamp": "2026-02-10T10:09:30.000000Z"}, {"uuid": "e957b57e-3a3c-40f3-ab1e-e76b9b7e9216", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mej57vopf22v", "content": "", "creation_timestamp": "2026-02-10T14:08:56.126720Z"}, {"uuid": "3b64731a-4586-4420-af66-c82cc946b4e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-20817", "type": "seen", "source": "https://bsky.app/profile/glitterbean.wehavecookies.social.ap.brid.gy/post/3mho6xfi7sw42", "content": "", "creation_timestamp": "2026-03-22T18:38:55.014056Z"}, {"uuid": "4093c5d5-53db-4fc0-babc-1a01296285f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mhzrb6ipwo2d", "content": "", "creation_timestamp": "2026-03-27T09:05:44.511931Z"}, {"uuid": "29182056-3b1f-4e1e-8357-c74b028a5cd9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mhzrugjbly2y", "content": "", "creation_timestamp": "2026-03-27T09:16:29.840762Z"}, {"uuid": "c98ff285-774b-4058-8137-845af4714666", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-20817", "type": "seen", "source": "https://mastodon.social/users/verbrecher/statuses/116301143769680087", "content": "", "creation_timestamp": "2026-03-27T12:30:21.977885Z"}, {"uuid": "ba562874-7ea6-4fcd-9241-095157d73c70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mhznonupj62s", "content": "", "creation_timestamp": "2026-03-27T08:01:41.767788Z"}, {"uuid": "891b0ff5-1cd1-4aba-b4da-22832fe94479", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://www.thezdi.com/blog/2026/1/13/the-january-2026-security-update-review", "content": "", "creation_timestamp": "2026-01-13T18:01:16.000000Z"}, {"uuid": "8543fff1-066a-4392-8a93-2c903ec9be4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0007", "content": "", "creation_timestamp": "2026-01-13T18:16:30.000000Z"}, {"uuid": "3cbd602b-ac66-4bff-bc2d-4415627b7497", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/crowdcyber.bsky.social/post/3mhyzmvttea25", "content": "", "creation_timestamp": "2026-03-27T02:02:47.823260Z"}, {"uuid": "fbcc4414-e277-4464-bba1-f540e9c7a887", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3mi4x3qpjcs2p", "content": "", "creation_timestamp": "2026-03-28T15:28:04.434844Z"}, {"uuid": "074075d2-b37e-498a-afd0-6fdb59a5e255", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mj26b4dnx52u", "content": "", "creation_timestamp": "2026-04-09T06:23:32.721738Z"}, {"uuid": "e26928da-5086-488d-aaf9-571e7858db37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3micuxxje7k2m", "content": "", "creation_timestamp": "2026-03-31T00:06:10.351115Z"}, {"uuid": "3dd66e9f-b0e4-4df0-8564-07075e32417a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20817", "type": "published-proof-of-concept", "source": "https://www.cryptika.com/poc-exploit-released-for-windows-error-reporting-alpc-privilege-escalation/", "content": "", "creation_timestamp": "2026-03-01T17:00:00.000000Z"}, {"uuid": "d8cfd1ea-72b2-495a-8544-3c01022a370a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0007", "content": "", "creation_timestamp": "2026-04-10T10:53:42.000000Z"}, {"uuid": "a85b012d-31fc-4ae7-a93d-1d36fff7a8c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://infosec.exchange/users/0patch/statuses/116420383122049547", "content": "", "creation_timestamp": "2026-04-17T13:54:30.490645Z"}, {"uuid": "acf551c5-132d-48ef-85e4-cd0a0ec7b794", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mjp4b3fpksa2", "content": "", "creation_timestamp": "2026-04-17T14:13:46.717230Z"}, {"uuid": "01e7f910-5ee0-4719-9655-967a6f49e781", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mjpuecytmvi2", "content": "", "creation_timestamp": "2026-04-17T21:25:01.012770Z"}, {"uuid": "e6465f5b-3742-4d3b-90f3-602e2d79b05c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mjqk2ct6hd24", "content": "", "creation_timestamp": "2026-04-18T03:53:04.947677Z"}, {"uuid": "82859628-753b-4f09-bd62-f376c3c11df3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20817", "type": "published-proof-of-concept", "source": "https://t.me/poxek/5940", "content": "\u041f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0441 \u043d\u0443\u043b\u044f \u0434\u043e SYSTEM \u0447\u0435\u0440\u0435\u0437 WER\n#LPE #WER #Windows #CVE\n\n\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f CVE-2026-20817 \u0432 \u0441\u043b\u0443\u0436\u0431\u0435 Windows Error Reporting (WER) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u043e\u0442 \u043d\u0438\u0437\u043a\u043e\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f \u0434\u043e NT AUTHORITY\\SYSTEM.\n\n\u267e\ufe0f\u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0441\u0443\u0442\u044c\u267e\ufe0f\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 ALPC. \u0421\u043b\u0443\u0436\u0431\u0430 WER, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0430\u044f \u043e\u0442 SYSTEM, \u043f\u0443\u0431\u043b\u0438\u043a\u0443\u0435\u0442 \u043f\u043e\u0440\u0442 \\WindowsErrorReportingService \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u0440\u0430\u0432 \u043a\u043b\u0438\u0435\u043d\u0442\u0430. \u0412 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 CWerService::SvcElevatedLaunch \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0432\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432\u044b\u0437\u044b\u0432\u0430\u044e\u0449\u0435\u0439 \u0441\u0442\u043e\u0440\u043e\u043d\u044b. \u041d\u0438\u0437\u043a\u043e\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c ALPC-\u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435 \u0441 \u0434\u0435\u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0440\u043e\u043c \u0440\u0430\u0437\u0434\u0435\u043b\u044f\u0435\u043c\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0435\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u0443\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u0443\u044e \u0441\u0442\u0440\u043e\u043a\u0443.\n\n\u041f\u043e\u0441\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0441\u043b\u0443\u0436\u0431\u0430:\n\n\u25aa\ufe0f \u0434\u0443\u0431\u043b\u0438\u0440\u0443\u0435\u0442 \u043f\u0435\u0440\u0435\u0434\u0430\u043d\u043d\u0443\u044e \u043f\u0430\u043c\u044f\u0442\u044c,\n\u25aa\ufe0f \u0447\u0438\u0442\u0430\u0435\u0442 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u0443\u044e \u0441\u0442\u0440\u043e\u043a\u0443 \u0431\u0435\u0437 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0432\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u0438,\n\u25aa\ufe0f \u043f\u0440\u0438 \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0442\u043e\u043a\u0435\u043d \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 fallback,\n\u25aa\ufe0f \u0441\u043e\u0437\u0434\u0430\u0435\u0442 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u0439 SYSTEM-\u0442\u043e\u043a\u0435\u043d \u0447\u0435\u0440\u0435\u0437 CreateRestrictedToken, \u0443\u0434\u0430\u043b\u044f\u044f \u0442\u043e\u043b\u044c\u043a\u043e SeTcbPrivilege, \u043d\u043e \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438: SeDebugPrivilege, SeImpersonatePrivilege \u0438 SeBackupPrivilege. \n\n\u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0446\u0435\u0441\u0441 WerFault.exe \u0438\u043b\u0438 WerMgr.exe \u0441 SYSTEM-\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u0439 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u043e\u0439.\n\n\u267e\ufe0f\u0418\u043c\u043f\u0430\u043a\u0442\u267e\ufe0f\n\n\u041f\u043e\u043b\u043d\u0430\u044f \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u2014 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 SYSTEM (\u043b\u043e\u043a\u0430\u043b\u044c\u043d\u0430\u044f LPE).\n\n\u267e\ufe0f\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f\u267e\ufe0f\n\n\u25aa\ufe0f \u0421\u043e\u0437\u0434\u0430\u0442\u044c \u0440\u0430\u0437\u0434\u0435\u043b\u044f\u0435\u043c\u0443\u044e \u043f\u0430\u043c\u044f\u0442\u044c (CreateFileMapping, MapViewOfFile) \u0438 \u0437\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u0443\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u0443\u044e \u0441\u0442\u0440\u043e\u043a\u0443 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, cmd.exe /c whoami &gt; C:\\poc_wer.txt).\n\n\u25aa\ufe0f \u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043a ALPC-\u043f\u043e\u0440\u0442\u0443 \\WindowsErrorReportingService \u0447\u0435\u0440\u0435\u0437 NtAlpcConnectPort / NtAlpcSendWaitReceivePort.\n\n\u25aa\ufe0f \u041e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0435 ALPC-\u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435: \u0442\u0438\u043f 0, \u043c\u0435\u0442\u043e\u0434 0x0D (WER_ELEVATED_LAUNCH_METHOD), \u0434\u0435\u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0440 \u0440\u0430\u0437\u0434\u0435\u043b\u044f\u0435\u043c\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438, \u0434\u043b\u0438\u043d\u0430 \u0441\u0442\u0440\u043e\u043a\u0438, PID \u043a\u043b\u0438\u0435\u043d\u0442\u0430.\n\n\u25aa\ufe0f \u041f\u043e\u0441\u043b\u0435 WER \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442 \u0446\u0435\u043f\u043e\u0447\u043a\u0443: SvcElevatedLaunch \u2192 ElevatedProcessStart \u2192 CreateElevatedProcessAsUser.\n\n\u25aa\ufe0f Fallback-\u043b\u043e\u0433\u0438\u043a\u0430 \u0441\u043e\u0437\u0434\u0430\u0435\u0442 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u0439 SYSTEM-\u0442\u043e\u043a\u0435\u043d \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442 CreateProcessAsUserW \u0441 WerFault.exe \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u043e\u0439.\n\n\ud83d\udd17\u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a \u0438 PoC\n\n\ud83c\udf1a @poxek | \ud83d\udcf2 MAX |\ud83c\udf1a \u0411\u043b\u043e\u0433 | \ud83d\udcfa YT | \ud83d\udcfa RT | \ud83d\udcfa VK", "creation_timestamp": "2026-02-24T12:32:22.000000Z"}]}