Microsoft Windows Win32k CVE-2019-0808 Local Privilege Escalation Vulnerability

Microsoft Windows is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with elevated privileges. Failed exploit attempts may result in a denial of service condition.

Information

Bugtraq ID: 107331
Class: Design Error
CVE: CVE-2019-0808

Remote: No
Local: Yes
Published: Mar 12 2019 12:00AM
Updated: Mar 15 2019 10:00AM
Credit: Clment Lecigne of Google Threat Analysis Group
Vulnerable: Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 7 for 32-bit Systems SP1

Not Vulnerable:

Exploit

Reports indicate that this issue is being exploited in the wild. Please see the references for more information.
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

• Microsoft Homepage (Microsoft)
  
• Root Cause of the Kernel Privilege Escalation Vulnerabilities CVE-2019-0808 (360 Core Security)
  
• CVE-2019-0808 | Win32k Elevation of Privilege Vulnerability (Microsoft)
  

Source: www.securityfocus.com