Description
The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges.
Exploits (1)
References (5)
Core 5
Core References
Third Party Advisory x_refsource_misc
https://github.com/kkent030315/evil-mhyprot-cli
Exploit, Third Party Advisory x_refsource_misc
https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html
Exploit, Press/Media Coverage, Third Party Advisory x_refsource_misc
https://www.vice.com/en/article/y3p35w/hackers-are-using-anti-cheat-in-genshin-impact-to-ransom-victims
Third Party Advisory x_refsource_misc
https://github.com/kagurazakasanae/Mhyprot2DrvControl
Exploit, Third Party Advisory x_refsource_misc
https://web.archive.org/web/20211204031301/https://www.godeye.club/2021/05/20/001-disclosure-mhyprot.html
Scores
CVSS v3
6.5
EPSS
0.0060
EPSS Percentile
69.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-269
Status
published
Products (1)
hoyoverse/mhyprot2
1.0.0.0
Published
Sep 14, 2022
Tracked Since
Feb 18, 2026