cbcvebase.
CVE-2019-0623
published 2019-03-05


Priority P276 high · 7.8 CVSS 3.0
AV:L · AC:L · PR:L · UI:N · S:U · C:H · I:H · A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS 5.93% · 92.3th percentile
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

Affected

56 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_server
microsoftwindows_server
microsoftwindows_server
microsoftwindows_server

Detection & IOCs (extracted from sources)

  • Vulnerability resides in the Win32k kernel component; monitor for specially crafted application execution by locally logged-on users targeting Win32k object handling in kernel mode
  • Exploitation requires local logon; alert on low-privileged users spawning processes that interact with Win32k and subsequently gain kernel-mode code execution
  • Post-exploitation indicators include new account creation or modification of data by processes running in kernel mode; monitor for unexpected privilege escalation to SYSTEM from standard user context
  • Microsoft assessed exploitation as 'Less Likely' for both latest and older software releases at time of disclosure; no in-the-wild exploitation was confirmed

CVSS provenance

Source        Version   Score   Severity   Vector
nvd           v3.0      7.8     HIGH       CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd           v2.0      7.2     HIGH       AV:L/AC:L/Au:N/C:C/I:C/A:C
vulncheck               7.8     HIGH
vendor_msrc             7.0     HIGH