TL;DR: Abusing enabled token privileges through a kernel exploit to gain EoP it won’t be enough anymore as from NT kernel version 10.0.15063 they are ‘checked’ against the privileges present in the token of the calling process. So you will need two writes.

Download full article.

Enjoy,
kyREcon