Privilege escalation in Microsoft splwow64

Published: 2019-07-09 20:04:04 | Updated: 2019-07-09
Severity Medium
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2019-0880
CVSSv3 6 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:H/RL:O/RC:C]
CWE ID CWE-264
Exploitation vector Local
Public exploit This vulnerability is being exploited in the wild.
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows 8.1
Windows 10
Windows RT 8.1

Show more

Windows Server 2012
Windows Server 2012 R2
Windows Server 2016

Show more

Vendor URL Microsoft

Security Advisory

1) Permissions, Privileges, and Access Controls

Description

The vulnerability allows a local to escalate privileges on the system.

The vulnerability exists due to the way splwow64.exe handles certain calls. A local user can abuse this functionality to elevate privileges on an affected system from low-integrity to medium-integrity.

Note, this vulnerability is being actively exploited in the wild.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0880

Back to List