CVE-2020-0642
published 2020-01-14CVE-2020-0642: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of…
PriorityP181high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
ITWEXPLOITVulnCheck KEVRansomware
Exploited in the wild
EPSS
1.50%
71.0th percentile
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0624.
Affected
68 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploit manipulates the KernelCallbackTable entries (index 2 and 3) in the PEB by calling VirtualProtect with PAGE_EXECUTE_READWRITE and then swapping function pointers via InterlockedExchangePointer — monitor for user-mode processes modifying KernelCallbackTable pointers. ↗
- →Exploit triggers the vulnerability by sending WM_LBUTTONDOWN to a ScrollBar child window while a parent window is destroyed mid-callback (use-after-free pattern) — look for DestroyWindow called from within a KernelCallbackTable hook during message processing. ↗
- →Exploit creates two ScrollBar class windows (one parent, one child with WS_VISIBLE) as the setup for the Win32k object mishandling — creation of ScrollBar windows followed immediately by DestroyWindow in a callback context is suspicious. ↗
- →Exploit calls ExitThread(0) from within the hooked KernelCallbackTable[3] (CCI3) to abort execution after the race condition is triggered — abrupt thread termination from within a kernel callback hook is a strong behavioral indicator. ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
vulncheck7.8HIGH
vendor_msrc7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cfcc-rvr7-95xp: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-0624 [HIGH] CWE-269 GHSA-cfcc-rvr7-95xp: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0642.
GHSA
GHSA-955r-cpqg-mww2: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-0642 [HIGH] CWE-269 GHSA-955r-cpqg-mww2: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0624.
VulnCheck
Win32k Elevation of Privilege
vulncheck·2020·CVSS 7.8
CVE-2020-0624 [HIGH] Win32k Elevation of Privilege
Win32k Elevation of Privilege
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0642.
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.niiconsulting.com/Security_Advisories/Security_Advisory_Digest_Feb_2020_Edition_1.pdf
VulnCheck
Microsoft Windows Use After Free
vulncheck·2020·CVSS 7.8
CVE-2020-0642 [HIGH] Microsoft Windows Use After Free
Microsoft Windows Use After Free
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0624.
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.niiconsulting.com/Security_Advisories/Security_Advisory_Digest_Feb_2020_Edition_1.pdf
Microsoft
Win32k Elevation of Privilege Vulnerability
vendor_msrc·2020-01-14·CVSS 7.8
CVE-2020-0642 [HIGH] Win32k Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Microsoft Graphics Component: Microsoft Graphics Component
Impact: Elevation of Pri
Suricata
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0642 [HIGH] ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id DELETE
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id DELETE"; flow:established,to_server; http.uri; content:"/user_confirm.asp?"; nocase; content:"id="; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2007-0642; reference:url,www.securityfocus.com/bid/22350; classtype:web-application-attack; sid:2005096; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acce
Suricata
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0642 [HIGH] ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass INSERT
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass INSERT"; flow:established,to_server; http.uri; content:"/user_confirm.asp?"; nocase; content:"pass="; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2007-0642; reference:url,www.securityfocus.com/bid/22350; classtype:web-application-attack; sid:2005101; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initia
Suricata
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0642 [HIGH] ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id SELECT
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id SELECT"; flow:established,to_server; http.uri; content:"/user_confirm.asp?"; nocase; content:"id="; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2007-0642; reference:url,www.securityfocus.com/bid/22350; classtype:web-application-attack; sid:2005093; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acce
Suricata
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0642 [HIGH] ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id UPDATE
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id UPDATE"; flow:established,to_server; http.uri; content:"/user_confirm.asp?"; nocase; content:"id="; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2007-0642; reference:url,www.securityfocus.com/bid/22350; classtype:web-application-attack; sid:2005098; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acces
Suricata
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0642 [HIGH] ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id INSERT
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id INSERT"; flow:established,to_server; http.uri; content:"/user_confirm.asp?"; nocase; content:"id="; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2007-0642; reference:url,www.securityfocus.com/bid/22350; classtype:web-application-attack; sid:2005095; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acce
Suricata
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-0642 [HIGH] ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id ASCII
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id ASCII"; flow:established,to_server; http.uri; content:"/user_confirm.asp?"; nocase; content:"id="; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2007-0642; reference:url,www.securityfocus.com/bid/22350; classtype:web-application-attack; sid:2005097; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acc
Suricata
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-0642 [HIGH] ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass ASCII
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass ASCII"; flow:established,to_server; http.uri; content:"/user_confirm.asp?"; nocase; content:"pass="; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2007-0642; reference:url,www.securityfocus.com/bid/22350; classtype:web-application-attack; sid:2005103; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initi
Suricata
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0642 [HIGH] ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass UNION SELECT
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass UNION SELECT"; flow:established,to_server; http.uri; content:"/user_confirm.asp?"; nocase; content:"pass="; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-0642; reference:url,www.securityfocus.com/bid/22350; classtype:web-application-attack; sid:2005100; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tacti
Suricata
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0642 [HIGH] ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id UNION SELECT
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id UNION SELECT"; flow:established,to_server; http.uri; content:"/user_confirm.asp?"; nocase; content:"id="; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-0642; reference:url,www.securityfocus.com/bid/22350; classtype:web-application-attack; sid:2005094; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name
Suricata
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0642 [HIGH] ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass UPDATE
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass UPDATE"; flow:established,to_server; http.uri; content:"/user_confirm.asp?"; nocase; content:"pass="; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2007-0642; reference:url,www.securityfocus.com/bid/22350; classtype:web-application-attack; sid:2005104; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial
Suricata
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0642 [HIGH] ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass DELETE
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass DELETE"; flow:established,to_server; http.uri; content:"/user_confirm.asp?"; nocase; content:"pass="; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2007-0642; reference:url,www.securityfocus.com/bid/22350; classtype:web-application-attack; sid:2005102; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initia
Suricata
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0642 [HIGH] ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass SELECT
ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass SELECT"; flow:established,to_server; http.uri; content:"/user_confirm.asp?"; nocase; content:"pass="; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2007-0642; reference:url,www.securityfocus.com/bid/22350; classtype:web-application-attack; sid:2005099; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initia
Talos
Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-01-14·CVSS 8.1
CVE-2020-0601 [HIGH] Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw. Updated January 15th: Added an Advanced Custom Detection (ACD) signature for AMP that can be used to detect exploitation of CVE-2020-0601 by spoofing certificates masquerading as a Microsoft ECC Code Signing Certificate Authority.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 49 vulnerabilities, eight of which are considered critical.
This month's security update is particularly important for its disclosure of two vulnerabilities related to a core cryptographic component in all versions of Windows. CVE-2020-0601 could allow an attacker to use cryptography
Talos
Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-01-14·CVSS 8.1
CVE-2020-0601 [HIGH] Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Updated January 15th: Added an Advanced Custom Detection (ACD) signature for AMP that can be used to detect exploitation of CVE-2020-0601 by spoofing certificates masquerading as a Microsoft ECC Code Signing Certificate Authority.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 49 vulnerabilities, eight of which are considered critical.
This month's security update is particularly important for its disclosure of two vulnerabilities related to a core cryptographic component in all versions of Windows. CVE-2020-0601 could allow an attacker to use cryptography to sign a malicious executable, making the file appear as if it was from a trusted sou
http://packetstormsecurity.com/files/158729/Microsoft-Windows-Win32k-Privilege-Escalation.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0642http://packetstormsecurity.com/files/158729/Microsoft-Windows-Win32k-Privilege-Escalation.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0642
2020-01-14
Published
Exploited in the wild