Post from 2024-03-01 10:38:18

[Yarden Shafir @ X] appid.sys receives 2 function pointers from a user and blindly calls them. 0 validations are done. The most interesting part of this bug to me is that this very trivial bug isn't an ancient one that hasn't been discovered for decades -- it was introduced in Windows 10.

https://twitter.com/yarden_shafir/status/1763248032043147288