⚠ Actively exploited

Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2019-0808 — Microsoft Windows vulnerability

25 documents15 sources

Severity

7.8HIGHNVD

EPSS

74.0%

top 1.16%

CISA KEV

KEV

Added 2021-11-03

Due 2022-05-03

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows Microsoft Windows Server Microsoft Windows Server 2008 +8 more

Timeline

PublishedApr 9

KEV addedNov 3

KEV dueMay 3

Latest updateMay 13

CISA Required Action: Apply updates per vendor instructions.

Description

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

▶CVEListV5microsoft/windows7 for 32-bit Systems Service Pack 1, 7 for x64-based Systems Service Pack 1+1

▶NVDmicrosoft/windowsr2

▶CVEListV5microsoft/windows_server8 versions+7

▶msrcmsrc/windows_7_for_32-bit_systems_service_pack_1

▶msrcmsrc/windows_7_for_x64-based_systems_service_pack_1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-8wc3-99q7-2qvc: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation↗2022-05-13

▶

GHSA

GHSA-74qg-858w-vpcj: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation↗2022-05-13

▶

Project0

Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero↗2020-07-01

▶

VulnCheck

Microsoft Win32k Privilege Escalation Vulnerability↗2019

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows 7/2008 - 'Win32k' Denial of Service (PoC)↗2019-03-26

▶

Metasploit

Microsoft Windows NtUserMNDragOver Local Privilege Elevation↗

▶

📋Vendor Advisories

CISA

Microsoft Win32k Privilege Escalation Vulnerability↗2021-11-03

▶

Microsoft

Win32k Elevation of Privilege Vulnerability↗2019-03-12

▶

🕵️Threat Intelligence

Qualys

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys↗2022-02-23

▶

Trendmicro

PurpleFox Adds New Backdoor That Uses WebSockets↗2021-10-19

▶

Trendmicro

PurpleFox Adds New Backdoor That Uses WebSockets↗2021-10-19

▶

Trendmicro

PurpleFox Adds New Backdoor That Uses WebSockets↗2021-10-19

▶

Trendmicro

PurpleFox Adds New Backdoor That Uses WebSockets↗2021-10-19

▶