⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-05-03.
CVE-2019-1215 — Improper Privilege Management in Microsoft Windows
Severity
7.8HIGHNVD
EPSS
5.2%
top 10.01%
CISA KEV
KEVRansomware
Added 2021-11-03
Due 2022-05-03
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedSep 11
KEV addedNov 3
KEV dueMay 3
Latest updateMay 24
CISA Required Action: Apply updates per vendor instructions.
Description
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages23 packages
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-wp5j-ppw9-22mw: An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions↗2022-05-24
GHSA▶
GHSA-63x7-m3j2-hxwg: An elevation of privilege vulnerability exists in the way that ws2ifsl↗2022-05-24
GHSA▶
GHSA-mgf9-3fp9-mhfh: An elevation of privilege vulnerability exists in the way that the unistore↗2022-05-24
GHSA▶
GHSA-2fr6-xf6c-rwpx: An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions↗2022-05-24
💥Exploits & PoCs
1Exploit-DB▶
Microsoft Windows 10 (19H1 1901 x64) - 'ws2ifsl.sys' Use After Free Local Privilege Escalation (kASLR kCFG SMEP)↗2020-01-07
📋Vendor Advisories
2🕵️Threat Intelligence
9Tenable▶
ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help↗2022-03-24