Main Vulnerability Database SB2019070905

SB2019070905 - Privilege escalation in Microsoft Windows Win32k component

Published: July 9, 2019 Updated: July 10, 2019

Security Bulletin ID SB2019070905

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2019-1132)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a NULL pointer dereference error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note, this vulnerability is being actively exploited in the wild.

Remediation

Install update from vendor's website.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1132
https://www.welivesecurity.com/2019/07/10/windows-zero-day-cve-2019-1132-exploit/