CVE-2021-1732 is a Win32k local privilege escalation in win32kfull.sys. By flipping the 0x800 bit on tagWND with NtUserConsoleControl and returning a fake value from a user-mode callback inside xxxClientAllocWindowClassExtraBytes, an attacker turns the cbWndExtra length into a controllable kernel write offset and walks the token to NT AUTHORITY SYSTEM. End-to-end Metasploit PoC against Windows 10 20H2. core-jmp.org/2026/06/cve-202… #BITTERAPT #CVE20211732 #ElevationOfPrivilege #KernelExploit #LPE #Metasploit #Meterpreter #MSFVenom #NTAUTHORITYSYSTEM #NtUserConsoleControl #OutofBoundsWrite #ReflectiveDLLInjection #Win32k #win32kfullsys #Windows10 #WindowsKernelExploitation #WindowsKernelVulnerability #WindowsLPE #WndExtra