AttackerKBAKB:FCD6BD45-AB66-4764-AFF8-E1ADCDC65E40CVE-2019-1132
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
Privilege Escalation on Windows 7, Server 2008, and Server 2008 R2 targeting win32k.sys
Recent assessments:
FULLSHADE at April 21, 2020 4:04am UTC reported:
This vulnerability takes advantage of a null pointer dereference within the Windows win32k.sys driver, win32k.sys is notorious for including GDI objects and other objects that can be abused and utilized for various types of exploitation. This vulnerability takes advantage of pop-up menu objects, and exploitation of this vulnerability can grant the user system access, AKA Escalation of privilege. This vulnerability displays a menu using the TrackPopupMenu function, And code that is hooked to EVENT_SYSTEM_MENUPOPUPSTART gets executed.
This vulnerability also flips the bServerSideWindowProc bit within the tagWND data structure, Also it utilizes the tagWND structure to leak kernel memory addresses.
This vulnerability seems to be mitigated on the newer versions of windows, within Windows 8.1 with the introduction of various mitigations, null pointer dereference vulnerabilities stopped existing. And on some newer and more previous windows 10 security updates, there have been mitigations to prevent kernel address leakage from the tagWND structure.
bwatters-r7 at July 10, 2019 1:02pm UTC reported:
This vulnerability takes advantage of a null pointer dereference within the Windows win32k.sys driver, win32k.sys is notorious for including GDI objects and other objects that can be abused and utilized for various types of exploitation. This vulnerability takes advantage of pop-up menu objects, and exploitation of this vulnerability can grant the user system access, AKA Escalation of privilege. This vulnerability displays a menu using the TrackPopupMenu function, And code that is hooked to EVENT_SYSTEM_MENUPOPUPSTART gets executed.
This vulnerability also flips the bServerSideWindowProc bit within the tagWND data structure, Also it utilizes the tagWND structure to leak kernel memory addresses.
This vulnerability seems to be mitigated on the newer versions of windows, within Windows 8.1 with the introduction of various mitigations, null pointer dereference vulnerabilities stopped existing. And on some newer and more previous windows 10 security updates, there have been mitigations to prevent kernel address leakage from the tagWND structure.
gwillcox-r7 at November 22, 2020 2:46am UTC reported:
This vulnerability takes advantage of a null pointer dereference within the Windows win32k.sys driver, win32k.sys is notorious for including GDI objects and other objects that can be abused and utilized for various types of exploitation. This vulnerability takes advantage of pop-up menu objects, and exploitation of this vulnerability can grant the user system access, AKA Escalation of privilege. This vulnerability displays a menu using the TrackPopupMenu function, And code that is hooked to EVENT_SYSTEM_MENUPOPUPSTART gets executed.
This vulnerability also flips the bServerSideWindowProc bit within the tagWND data structure, Also it utilizes the tagWND structure to leak kernel memory addresses.
This vulnerability seems to be mitigated on the newer versions of windows, within Windows 8.1 with the introduction of various mitigations, null pointer dereference vulnerabilities stopped existing. And on some newer and more previous windows 10 security updates, there have been mitigations to prevent kernel address leakage from the tagWND structure.
asoto-r7 at September 12, 2019 6:06pm UTC reported:
This vulnerability takes advantage of a null pointer dereference within the Windows win32k.sys driver, win32k.sys is notorious for including GDI objects and other objects that can be abused and utilized for various types of exploitation. This vulnerability takes advantage of pop-up menu objects, and exploitation of this vulnerability can grant the user system access, AKA Escalation of privilege. This vulnerability displays a menu using the TrackPopupMenu function, And code that is hooked to EVENT_SYSTEM_MENUPOPUPSTART gets executed.
This vulnerability also flips the bServerSideWindowProc bit within the tagWND data structure, Also it utilizes the tagWND structure to leak kernel memory addresses.
This vulnerability seems to be mitigated on the newer versions of windows, within Windows 8.1 with the introduction of various mitigations, null pointer dereference vulnerabilities stopped existing. And on some newer and more previous windows 10 security updates, there have been mitigations to prevent kernel address leakage from the tagWND structure.
Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 3
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1132
krebsonsecurity.com/tag/cve-2019-1132
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1132?ranMID=24542&ranEAID=je6NUbpObpQ&ranSiteID=je6NUbpObpQ-lrk8C6YhfOATFqhjpyhj4w&epi=je6NUbpObpQ-lrk8C6YhfOATFqhjpyhj4w&irgwc=1&OCID=AID2000142_aff_7593_1243925&tduid=(ir__6afrwcopdgkfrlt1kk0sohz30m2xjmdpmtllxq3q00)(7593)(1243925)(je6NUbpObpQ-lrk8C6YhfOATFqhjpyhj4w)()&irclickid=_6afrwcopdgkfrlt1kk0sohz30m2xjmdpmtllxq3q00
twitter.com/cherepanov74/status/1148887669948030977
www.welivesecurity.com/2019/07/10/windows-zero-day-cve-2019-1132-exploit
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C