CVE-2019-0623 — Microsoft Windows vulnerability

8 documents6 sources

Severity

7.8HIGHNVD

EPSS

34.2%

top 3.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Microsoft Windows Server Microsoft Windows 10 +18 more

Timeline

PublishedMar 5

Latest updateJun 28

Description

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages19 packages

▶msrcmsrc/windows_7

▶msrcmsrc/windows_10

▶msrcmsrc/windows_8.1

▶CVEListV5microsoft/windows17 versions+16

▶NVDmicrosoft/windowsr2, 1709, 1803+2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-92xm-45mw-fv9w: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation↗2022-05-13

▶

VulnCheck

Win32k Elevation of Privilege↗2019

▶

📋Vendor Advisories

Microsoft

Win32k Elevation of Privilege Vulnerability↗2019-02-12

▶

🕵️Threat Intelligence

Unit42

Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor↗2023-06-28

▶

Unit42

Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor↗2023-06-28

▶

💬Community

Bugzilla

CVE-2019-9790 Mozilla: Use-after-free when removing in-use DOM elements↗2019-03-20

▶

Bugzilla

CVE-2019-9795 Mozilla: Type-confusion in IonMonkey JIT compiler↗2019-03-20

▶