⚠ Actively exploited

Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2019-0797 — Improper Resource Shutdown or Release in Microsoft Windows

CWE-404 — Improper Resource Shutdown or Release33 documents10 sources

Severity

7.8HIGHNVD

EPSS

4.5%

top 10.88%

CISA KEV

KEV

Added 2021-11-03

Due 2022-05-03

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows Microsoft Windows Server Microsoft Windows Server 2008 +15 more

Timeline

PublishedApr 9

KEV addedNov 3

KEV dueMay 3

Latest updateApr 24

CISA Required Action: Apply updates per vendor instructions.

Description

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages17 packages

▶msrcmsrc/windows_server_2019

▶msrcmsrc/windows_10

▶msrcmsrc/windows_8.1

▶CVEListV5microsoft/windows7 for 32-bit Systems Service Pack 1, 7 for x64-based Systems Service Pack 1+1

▶NVDmicrosoft/windowsr2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-8wc3-99q7-2qvc: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation↗2022-05-13

▶

GHSA

GHSA-74qg-858w-vpcj: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation↗2022-05-13

▶

Project0

Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero↗2020-07-01

▶

VulnCheck

Microsoft Win32k Privilege Escalation Vulnerability↗2019

▶

VulnCheck

Microsoft Win32k Privilege Escalation Vulnerability↗2018

▶

📋Vendor Advisories

CISA

Microsoft Win32k Privilege Escalation Vulnerability↗2021-11-03

▶

Microsoft

Win32k Elevation of Privilege Vulnerability↗2019-03-12

▶

🕵️Threat Intelligence

Securelist

Lazarus APT updates its toolset in watering hole attacks↗2025-04-24

▶

Securelist

The EAGERBEE backdoor may be related to the CoughingDown actor↗2025-01-06

▶

Securelist

Lazarus targets nuclear-related organization with new malware↗2024-12-19

▶

Securelist

Modern Asia APT groups TTPs↗2023-11-09

▶

Securelist

Minas — a multi-stage cryptocurrency miner infection↗2023-05-17

▶