
Local Privilege escalation vulnerability in Windows OS

Reference: 
Advisory #2019-010
Version: 
1.0
Affected software: 
Windows 7 to 10
Windows Server 2008 to 2019
Type: 
Local Privilege escalation
CVE/CVSS: 
CVE-2019-0859 - CVSS score 7.8

Sources

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0859
https://threatpost.com/windows-zero-day-active-exploits/143820/

Risks

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

This vulnerability is being actively exploited in the wild.

Description

This vulnerability was discovered by two Kaspersky researchers earlier this year. According to them, it had already been actively exploited by APT groups as a zero-day before a patch was available.

An attacker who is already logged on to the system can run a specially crafted application to exploit this vulnerability and gain kernel-mode code execution. In the observed attacks, a multi-stage sequence was used to establish an HTTP reverse shell.

Recommended Actions

CERT.be recommends that administrators apply the latest available Windows patches to all affected systems. They can be found here:

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0859
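The following PowerShell script is an added example and not part of the CERT.be advisory or Microsoft's guidance. It helps an administrator verify the recommended action on a host: it reports the OS build and the version of win32k.sys (the component named in the advisory), lists updates installed on or after the 9 April 2019 Patch Tuesday on which the fix for CVE-2019-0859 shipped, and, if a list of KB identifiers is supplied, reports which of them are missing. The KB list is deliberately left as an input (assumption) to be filled in from the MSRC page for the OS and build in question; the script hard-codes none.

```powershell
# Added example (not from the CERT.be advisory): check whether a Windows host
# has received the updates that address CVE-2019-0859.
# Run in an elevated PowerShell prompt on the host being checked.
param(
    # Patch Tuesday on which Microsoft published the fix (9 April 2019).
    [datetime]$FixReleaseDate = '2019-04-09',
    # KB identifiers for this OS/build, taken from the MSRC page (assumption:
    # the caller fills this in; nothing is hard-coded here).
    [string[]]$ExpectedKBs = @()
)

$os      = Get-CimInstance -ClassName Win32_OperatingSystem
$hotfixes = Get-HotFix | Sort-Object InstalledOn -Descending

Write-Host "Host:    $env:COMPUTERNAME"
Write-Host "OS:      $($os.Caption) build $($os.BuildNumber)"

# win32k.sys is the component the advisory names; record its version so the
# report can be compared against the fixed version listed by Microsoft.
$win32k = Get-Item -Path (Join-Path $env:SystemRoot 'System32\win32k.sys')
Write-Host "win32k:  $($win32k.VersionInfo.FileVersion)"

# Heuristic: any update installed on or after the fix release date.
# InstalledOn can be empty for some entries, so guard against $null first.
$recent = $hotfixes | Where-Object {
    $_.InstalledOn -and $_.InstalledOn -ge $FixReleaseDate
}

if ($recent) {
    Write-Host "Updates installed on/after $($FixReleaseDate.ToShortDateString()):"
    $recent | Format-Table HotFixID, Description, InstalledOn -AutoSize
} else {
    Write-Warning ("No update installed since {0}; this host has probably not " +
                   "received the fix for CVE-2019-0859.") -f $FixReleaseDate.ToShortDateString()
}

# Authoritative check: the specific KBs for this build, if the caller supplied them.
if ($ExpectedKBs.Count -gt 0) {
    $installedIds = $hotfixes | ForEach-Object { $_.HotFixID }
    $missing = $ExpectedKBs | Where-Object { $_ -notin $installedIds }
    if ($missing) {
        Write-Warning "Expected KBs not installed: $($missing -join ', ')"
    } else {
        Write-Host "All expected KBs are installed."
    }
}
```

Two caveats when reading the output: Get-HotFix only lists updates installed through Windows Update or WUSA, and the date filter is a heuristic (an older update installed after 9 April 2019 would also pass it), so the KB check against the identifiers on the MSRC page is the result to act on. Usage: `.\Check-CVE-2019-0859.ps1 -ExpectedKBs KB1234567,KB7654321` with the real identifiers substituted.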