The Microsoft Windows Kernel Cryptography Driver (cng.sys)
exposes a \Device\CNG device to user-mode programs and supports a
variety of IOCTLs with non-trivial input structures. It constitutes
a locally accessible attack surface that can be exploited for
privilege escalation (such as sandbox escape).