⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-07-10.

CVE-2019-1458 — Use After Free in Microsoft Windows

CWE-416 — Use After Free50 documents17 sources

Severity

7.8HIGHNVD

VulnCheck7.5

EPSS

92.0%

top 0.30%

CISA KEV

KEVRansomware

Added 2022-01-10

Due 2022-07-10

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows Microsoft Windows Server Microsoft Windows Server 2008 +1 more

Timeline

PublishedDec 10

KEV addedJan 10

KEV dueJul 10

Latest updateJun 28

CISA Required Action: Apply updates per vendor instructions.

Description

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5microsoft/windows9 versions+8

▶NVDmicrosoft/windowsr2

▶CVEListV5microsoft/windows_server14 versions+13

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-hqp5-7hf2-3rq4: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation↗2022-05-24

▶

Project0

Root Cause Analyses for 0-day In-the-Wild Exploits - Project Zero↗2020-07-01

▶

Project0

Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero↗2020-07-01

▶

Project0

TFW you-get-really-excited-you-patch-diffed-a-0day-used-in-the-wild-but-then-find-out-it-is-the-wrong-vuln - Project Zero↗2020-04-01

▶

VulnCheck

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability↗2020

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - 'WizardOpium' Local Privilege Escalation↗2020-03-03

▶

Metasploit

Google Chrome 67, 68 and 69 Object.create exploit↗

▶

Metasploit

Microsoft Windows Uninitialized Variable Local Privilege Elevation↗

▶

📋Vendor Advisories

CISA

Microsoft Win32k Privilege Escalation Vulnerability↗2022-01-10

▶

Microsoft

Win32k Elevation of Privilege Vulnerability↗2019-12-10

▶

🕵️Threat Intelligence

Unit42

Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor↗2023-06-28

▶

Unit42

Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor↗2023-06-28

▶

Tenable

ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help↗2022-03-24

▶

Qualys

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys↗2022-02-23

▶

Trendmicro

PurpleFox Adds New Backdoor That Uses WebSockets↗2021-10-19

▶