CVE-2019-0881
published 2019-05-16
CVE-2019-0881: An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege…
Priority P346 · high · 7.8 CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS 2.64% · 83.7th percentile
An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'.
Affected
66 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
CVSS provenance
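| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vendor_msrc | — | 8.8 | HIGH | — |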
Project0
The Windows Registry Adventure #8: Practical exploitation of hive memory corruption - Project Zero
project_zero·2025-05-01
CVE-2019-0881 The Windows Registry Adventure #8: Practical exploitation of hive memory corruption - Project Zero
Posted by Mateusz Jurczyk, Google Project Zero
In the previous blog post, we focused on the general security analysis of the registry and how to effectively approach finding vulnerabilities in it. Here, we will direct our attention to the exploitation of hive-based memory corruption bugs, i.e., those that allow an attacker to overwrite data within an active hive mapping in memory. This is a class of issues characteristic of the Windows registry, but universal enough that the techniques described here are applicable to 17 of my past vulnerabilities, as well as likely any similar bugs in the future. As we know, hives exhibit a very special behavior in terms of low-level memory management (how and where they are mapped in memory), handling of allocated and freed memory chunks by a custom al
Project0
The Windows Registry Adventure #7: Attack surface analysis - Project Zero
project_zero·2025-05-01
CVE-2010-0237 The Windows Registry Adventure #7: Attack surface analysis - Project Zero
Posted by Mateusz Jurczyk, Google Project Zero
In the first three blog posts of this series, I sought to outline what the Windows Registry actually is, its role, history, and where to find further information about it. In the subsequent three posts, my goal was to describe in detail how this mechanism works internally – from the perspective of its clients (e.g., user-mode applications running on Windows), the regf format used to encode hives, and finally the kernel itself, which contains its canonical implementation. I believe all these elements are essential for painting a complete picture of this subsystem, and in a way, it shows my own approach to security research. One could say that going through this tedious process of getting to know the target unnecessarily lengthens the total
Project0
The Windows Registry Adventure #5: The regf file format - Project Zero
project_zero·2024-12-01
CVE-2015-0073 The Windows Registry Adventure #5: The regf file format - Project Zero
Posted by Mateusz Jurczyk, Google Project Zero
As previously mentioned in the second installment of the blog post series ("A brief history of the feature"), the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special, because it represents a registry subtree simultaneously on disk and in memory, as opposed to most other common file formats. Documents, images, videos, etc. are generally designed to store data efficiently on disk, and they are subsequently parsed to and from different in-memory representations whenever they are read or written. This seems only natural, as offline storage and RAM come with different constraints and requirements. On disk, it is important that the data is packed as tightly as
GHSA
GHSA-chq2-xrc4-6mwv: An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege
ghsa_unreviewed·2022-05-24
CVE-2019-0881 [HIGH] CWE-522 GHSA-chq2-xrc4-6mwv: An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege
An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'.
Microsoft
Windows Kernel Elevation of Privilege Vulnerability
vendor_msrc·2019-05-14·CVSS 8.8
CVE-2019-0881 [HIGH] Windows Kernel Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.
A locally authenticated attacker could exploit this vulnerability by running a specially crafted application.
The security update addresses the vulnerability by helping to ensure that the Windows Kernel properly handles key enumeration.
Windows Kernel: Windows Kernel
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation More Likely; Older Software Release: Exploitation More Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.asp
No detection rules found.
http://packetstormsecurity.com/files/152988/Microsoft-Windows-CmKeyBodyRemapToVirtualForEnum-Arbitrary-Key-Enumeration.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0881
Published: 2019-05-16