CVE-2019-0797

Vulnerability Summary

Microsoft Windows could allow a local authenticated malicious user to gain elevated privileges on the system, caused by improper handling of objects in memory by the Win32k component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

Github Repositories

panopticon-SandCat www.securityweek.com/windows-zero-day-exploited-new-sandcat-group www.securityweek.com/windows-zero-day-exploited-fruityarmor-sandcat-threat-groups securelist.com/cve-2019-0797-zero-day-vulnerability/89885/?

FruityArmor www.securityweek.com/microsoft-patches-windows-zero-day-exploited-fruityarmor-group www.securityweek.com/windows-zero-day-exploited-attacks-aimed-middle-east www.securityweek.com/windows-zero-day-exploited-new-sandcat-group www.securityweek.com/windows-zero-day-exploited-fruityarmor-sandcat-threat-groups securelist.com/cve-201

Recent Articles

Microsoft Patch Tuesday – March 2019
Symantec Threat Intelligence Blog • Ratheesh PM • 13 Mar 2019

This month the vendor has patched 64 vulnerabilities, 17 of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining ...

The fourth horseman: CVE-2019-0797 vulnerability
Securelist • Vasily Berdnikov Boris Larin • 13 Mar 2019

In February 2019, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. We reported it to Microsoft on February 22, 2019. The company confirmed the vulnerability and assigned it CVE-2019-0797. Microsoft have just released a patch, crediting Kaspersky Lab researchers Vasiliy Berdnikov and Boris Larin with the discovery:

Microsoft changes DHCP to 'Dammit! Hacked! Compromised! Pwned!' Big bunch of security fixes land for Windows
The Register • Shaun Nichols in San Francisco • 12 Mar 2019

DHCP client has trio of remote-code exec vulns – plus SAP, Adobe issue updates

Patch Tuesday It's the second Tuesday of the month, and you know what that means: a fresh dump of security fixes from Microsoft, Adobe and others.
The March edition of Patch Tuesday includes fixes for 64 CVE-listed vulnerabilities, while Adobe addressed a pair of bugs in Photoshop and Digital Editions. Even SAP has got in on the game.
Of the 64 bugs squashed in Redmond's March update, researchers are pointing to five particular bugs as being especially noteworthy.
First, there ...

Microsoft Patches Two Win32k Bugs Under Active Attack
Threatpost • Tom Spring • 12 Mar 2019

Microsoft released patches for two Win32k bugs actively under attack, along with fixes for four additional bugs that are publicly known, as part of its March Patch Tuesday security bulletin. The Win32k bugs are both elevation of privilege vulnerabilities, rated important, and tied to the way Windows handles objects in memory.
“An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete...

References