SB2019041002 - Multiple vulnerabilities in Windows kernel drivers
Published: April 10, 2019 Updated: April 10, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 11 vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2019-0848)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition due to the way the win32k component provides kernel information. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
2) Out-of-bounds read (CVE-ID: CVE-2019-0814)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition due to the way the win32k component provides kernel information. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
3) Out-of-bounds read (CVE-ID: CVE-2019-0844)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition due to the way the Windows kernel handles objects in memory. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
4) Out-of-bounds read (CVE-ID: CVE-2019-0840)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition due to the way the Windows kernel handles objects in memory. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
5) Buffer overflow (CVE-ID: CVE-2019-0685)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0805)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows handles calls to the LUAFV driver (luafv.sys). A local user can create a malicious application, launch it on the system and run arbitrary code in the security context of the local system.
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0836)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows handles calls to the LUAFV driver (luafv.sys). A local user can create a malicious application, launch it on the system and run arbitrary code in the security context of the local system.
8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0796)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows handles calls to the LUAFV driver (luafv.sys). A local privileged user can set the short name of a file with a long name to an arbitrary short name and overwrite files on the system with limited privileges.
9) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0731)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows handles calls to the LUAFV driver (luafv.sys). A local user can create a malicious application, launch it on the system and execute arbitrary code in the security context of local system.
10) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0730)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows handles calls to the LUAFV driver (luafv.sys). A local user can create a malicious application, launch it on the system and execute arbitrary code in the security context of local system.
11) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0732)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an error when processing calls to LUAFV driver (luafv.sys). A local user can circumvent a User Mode Code Integrity (UMCI) policy on the machine and bypass Device Guard protection.
Remediation
Install update from vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0848
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0814
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0844
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0840
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0685
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0805
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0836
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0796
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0731
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0730
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0732