- Topic
15k Popularity
102k Popularity
128k Popularity
6k Popularity
3k Popularity
- Pin
- 🎉 Hey Gate Square friends! Non-stop perks and endless excitement—our hottest posting reward events are ongoing now! The more you post, the more you win. Don’t miss your exclusive goodies! 🚀
🆘 #Gate 2025 Semi-Year Community Gala# | Square Content Creator TOP 10
Only 1 day left! Your favorite creator is one vote away from TOP 10. Interact on Square to earn Votes—boost them and enter the prize draw. Prizes: iPhone 16 Pro Max, Golden Bull sculpture, Futures Vouchers!
Details 👉 https://www.gate.com/activities/community-vote
1️⃣ #Show My Alpha Points# | Share your Alpha points & gains
Post your - 🚀 ETH jumped to $4,600 this morning, up 8.69% in 24h!
Just shy of the $4,891 ATH—think it breaks through?
📍 Follow Gate_Square, vote and drop your reason.
🎁 4 winners split $100 Futures Voucher! - 📢 Exclusive on Gate Square — #PROVE Creative Contest# is Now Live!
CandyDrop × Succinct (PROVE) — Trade to share 200,000 PROVE 👉 https://www.gate.com/announcements/article/46469
Futures Lucky Draw Challenge: Guaranteed 1 PROVE Airdrop per User 👉 https://www.gate.com/announcements/article/46491
🎁 Endless creativity · Rewards keep coming — Post to share 300 PROVE!
📅 Event PeriodAugust 12, 2025, 04:00 – August 17, 2025, 16:00 UTC
📌 How to Participate
1.Publish original content on Gate Square related to PROVE or the above activities (minimum 100 words; any format: analysis, tutorial, creativ - 💙 Gate Square #Gate Blue Challenge# 💙
Show your limitless creativity with Gate Blue!
📅 Event Period
August 11 – 20, 2025
🎯 How to Participate
1. Post your original creation (image / video / hand-drawn art / digital work, etc.) on Gate Square, incorporating Gate’s brand blue or the Gate logo.
2. Include the hashtag #Gate Blue Challenge# in your post title or content.
3. Add a short blessing or message for Gate in your content (e.g., “Wishing Gate Exchange continued success — may the blue shine forever!”).
4. Submissions must be original and comply with community guidelines. Plagiarism or re - 🎉 The #CandyDrop Futures Challenge# is live — join now to share a 6 BTC prize pool!
📢 Post your futures trading experience on Gate Square with the event hashtag — $25 × 20 rewards are waiting!
🎁 $500 in futures trial vouchers up for grabs — 20 standout posts will win!
📅 Event Period: August 1, 2025, 15:00 – August 15, 2025, 19:00 (UTC+8)
👉 Event Link: https://www.gate.com/candy-drop/detail/BTC-98
Dare to trade. Dare to win.
Microsoft kernel vulnerability threatens Web3 asset security; hackers can gain system control.
Analysis of Microsoft's Critical 0day Vulnerability: Potential Threat to Web3 Security
Last month, Microsoft released a security patch that fixed a Windows kernel privilege escalation vulnerability being exploited by hackers. This vulnerability only affects earlier Windows systems, while Windows 11 seems unaffected. This article will analyze how attackers may continue to exploit this vulnerability in the context of increasingly strengthened security measures.
This 0day vulnerability may be maliciously exploited without detection after being discovered, posing significant destructive potential. Through this vulnerability, hackers can gain complete control of the Windows system. Being compromised may lead to serious consequences such as personal information leaks, system crashes, and financial losses. From a Web3 perspective, users' private keys may be stolen, digital assets may be transferred, and it could even impact the entire Web3 ecosystem based on Web2 infrastructure.
Analysis of the patch revealed that the issue lies in the reference count of an object being processed multiple times. win32k is older code, and from earlier comments, it can be seen that the previous code only locked the window object and did not lock the menu object within the window, which may lead to incorrect references to the menu object.
To trigger the vulnerability, we constructed a special multi-layer menu structure and removed certain reference relationships at key positions. This allows the target menu object to be successfully released when the kernel function returns to the user layer, making it invalid for subsequent references.
The overall idea of exploiting this vulnerability is to elevate privileges by modifying the token address through read and write primitives. The key is how to control the value of cbwndextra using the UAF vulnerability, and subsequently how to reliably achieve arbitrary read and write operations.
We have achieved stable read and write primitives through a carefully designed memory layout, utilizing window objects and HWNDClass objects. GetMenuBarInfo() is used for arbitrary read, and SetClassLongPtr() is used for arbitrary write. Except for token writing, other writes are implemented using the class object of the first window object through offsets.
Overall, the win32k vulnerability has a long history, but Microsoft is reconstructing the related code using Rust. The exploitation of such vulnerabilities mainly relies on the leakage of desktop heap handle addresses. If this issue is not thoroughly resolved, older systems will still be at risk. In the future, targeted detection of abnormal memory layouts and window data read/write operations may be one of the effective ways to discover such vulnerabilities.