⚠ Actively exploited

Added to CISA KEV on 2022-03-15. Federal agencies required to patch by 2022-04-05. Required action: Apply updates per vendor instructions..

CVE-2019-1132

8 documents8 sources

7.8

CVSS

HIGH

EPSS36.5%(97th)

CISA KEVExploited in Wild

CISA Required Action: Apply updates per vendor instructions.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5microsoft/windows7 for 32-bit Systems Service Pack 1, 7 for x64-based Systems Service Pack 1+1

▶NVDmicrosoft/windowsr2

▶CVEListV5microsoft/windows_server8 versions+7

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

NVD ↗MITRE ↗Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-wjj5-qcfr-vxxf: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation↗2022-05-24

▶

Project0

Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero↗2020-07-01

▶

CVEList

CVE-2019-1132: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation↗2019-07-29

▶

VulnCheck

Microsoft Win32k Privilege Escalation Vulnerability↗2019

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation↗2019-07-26

▶

📋Vendor Advisories

CISA

Microsoft Win32k Privilege Escalation Vulnerability↗2022-03-15

▶

Microsoft

Win32k Elevation of Privilege Vulnerability↗2019-07-09

▶