Microsoft vulnerabilities threaten Web3 security, with older Windows systems becoming a disaster zone.
Analysis of Serious Vulnerabilities in Microsoft Windows System: Potential Security Risks to Web3 Infrastructure
Last month, Microsoft released a security patch for a win32k privilege-escalation vulnerability that was being exploited in the wild by hacker groups. The vulnerability mainly affects older versions of Windows and cannot be triggered on Windows 11.
Win32k vulnerabilities of this kind have existed for a long time. This article analyzes how attackers may continue to exploit this vulnerability even as security mitigations keep improving. Our analysis was carried out in a Windows Server 2016 environment.
This 0day vulnerability is a serious flaw at the Windows system level that allows an attacker to gain full control of the affected system. A successful attack can lead to severe consequences such as leakage of personal information, system crashes, data loss, financial losses, and malware implantation. From a Web3 perspective, users' private keys may be stolen and their digital assets transferred. More seriously, because so much of the Web3 ecosystem runs on Web2 infrastructure, this vulnerability could threaten that entire ecosystem.
Patch analysis shows that the root cause is an object whose reference count is processed more than once. According to earlier source-code comments, the previous code locked only the window object and did not lock the menu object inside the window, so the menu object could end up being referenced incorrectly.
To reproduce the vulnerability, we constructed a special multi-layer nested menu structure and set specific properties on each menu so that it passes the system's checks. The vulnerability is finally triggered when the xxxRedrawTitle function returns to user mode and the reference relationships between the menus are removed.
For exploitation, we mainly considered two approaches: executing shellcode, or using read/write primitives to modify the token. Given the security mechanisms present on newer systems, we chose the latter. The whole exploitation process can be divided into two steps: first, using the UAF vulnerability to control the value of cbWndExtra, and then building stable read/write primitives on top of that.
We gain control of the target data through a carefully designed memory layout combined with window objects and HWNDClass objects. Finally, the GetMenuBarInfo() and SetClassLongPtr() functions are used to achieve arbitrary read and write.
Overall, although the win32k code has begun to be rewritten in Rust in the Windows 11 preview builds, this vulnerability still poses a serious security risk to older systems. The exploitation process is relatively simple and relies mainly on the leakage of desktop heap handle addresses. Future detection of vulnerabilities of this kind can focus on abnormal memory layouts and unconventional read and write operations on window data.