Lucene search

PRIOn knowledge basePRION:CVE-2020-36603

HistorySep 14, 2022 - 10:15 p.m.

Code injection

2022-09-1422:15:00

PRIOn knowledge base

www.prio-n.com

hoyoverse

genshin impact

mhyprot2.sys

code injection

anti-cheat

driver

windows

nvd

arbitrary code

system privileges

microsoft

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.5%

JSON

The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges.

CPENameOperatorVersion
mhyprot2eq1.0.0.0

CPE	Name	Operator	Version
	mhyprot2	eq	1.0.0.0

References

github.com/kagurazakasanae/Mhyprot2DrvControl

github.com/kkent030315/evil-mhyprot-cli

web.archive.org/web/20211204031301/https://www.godeye.club/2021/05/20/001-disclosure-mhyprot.html

www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html

www.vice.com/en/article/y3p35w/hackers-are-using-anti-cheat-in-genshin-impact-to-ransom-victims