Published: 15/07/2019 Updated: 19/07/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Windows could allow a local authenticated malicious user to gain elevated privileges on the system, caused by improper handling of objects in memory by the Win32k component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

Vulnerability Trend

Affected Products

Vendor Product Versions
MicrosoftWindows 7-
MicrosoftWindows Server 2008-, R2


#include <Windowsh> #include <iostream> /* EDB Note: Download ~ githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47176zip */ /* PREPROCESSOR DEFINITIONS */ #define MN_SELECTITEM 0x1E5 #define MN_SELECTFIRSTVALIDITEM 0x1E7 #define MN_OPENHIERARCHY 0x01E3 #define MN_CANCELMENUS 0x1E6 #define MN_BUTTON ...

Github Repositories

CVE-2019-1132 EoP POC for CVE-2019-1132 This exploit is tested on Windows 7 x86 build 7601 (With June Patch installed)

Recent Articles

Microsoft Patch Tuesday – July 2019
Symantec Threat Intelligence Blog • Ratheesh PM • 10 Jul 2020

This month the vendor has patched 77 vulnerabilities, 16 of which are rated Critical.

Posted: 10 Jul, 201922 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – July 2019This month the vendor has patched 77 vulnerabilities, 16 of which are rated Critical.As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still mainta...

New old Windows bug emerges, your 'strong' password is anything but, plus plenty more
The Register • Shaun Nichols in San Francisco • 15 Jul 2019

What you need to know from infosec land lately

Roundup Here is a brief look at some of the other security stories floating around right now.
Earlier this month, an alert went out to Ruby on Rails developers after it was discovered that a popular package had been hijacked and injected with malicious code.
Tute Costa was going through the gems used for his Ruby application and checking for updates when he noticed that something was amiss with the strong_password package.
It was eventually concluded that the GitHub account man...

Buhtrap group uses zero‑day in latest espionage campaigns MITRE ATT&CK techniques
welivesecurity • Jean-Ian Boutin • 11 Jul 2019

The Buhtrap group is well known for its targeting of financial institutions and businesses in Russia. However, since late 2015, we have witnessed an interesting change in its traditional targets. From a pure criminal group perpetrating cybercrime for financial gain, its toolset has been expanded with malware used to conduct espionage in Eastern Europe and Central Asia.
Throughout our tracking, we’ve seen this group deploy its main backdoor as well as other tools against various victims, ...

Windows Zero-Day Used by Buhtrap Group For Cyber-Espionage
BleepingComputer • Sergiu Gatlan • 11 Jul 2019

The Buhtrap hacking group has switched its targets from Rusian financial businesses and institutions since December 2015 when it moved into cyber-espionage operations, culminating with the use of a recently patched Windows zero-day during June 2019.
The Windows local privilege escalation 0-day vulnerability tracked as CVE-2019-1132 and abused by Buhtrap as part of its attacks was fixed by Microsoft during this month's Patch Tuesday and it allowed the cyber-crime group to run arbitrary ...

It's 2019 and SQL Server can be pwned by an SQL query, DHCP failover server failed by a packet, Edge, IE by webpages...
The Register • Shaun Nichols in San Francisco • 10 Jul 2019

Meanwhile, Adobe gives Flash the month off. SAP emits fixes, though

Patch Tuesday Summer is now firmly upon us, and depending on where you are, the weather could be just about anything from stupidly hot to unbearably wet and cold right now given the state of the climate.
Well, anyway, Microsoft, Adobe, and SAP have dropped the July editions of their monthly security updates, so there's at least one storm to weather. How's that for a silky smooth transition?
For Microsoft, July brings fixes for a total of 78 CVE-listed vulnerabilities.
Among the...

Microsoft Patches A Pair of Zero-Days Under Active Attack
Threatpost • Tara Seals • 09 Jul 2019

Microsoft has addressed 77 vulnerabilities in its July Patch Tuesday update, with 15 of them rated as critical and two known to be under active exploit; and Adobe issued a small group of updates, with surprisingly none for Acrobat Reader or Flash.
Eleven of the critical bugs are for scripting engines and browsers, and the four others affect the DHCP Server, GDI+, the .NET Framework and the Azure DevOps Server/Team Foundation Server.
“Scripting engine, browser, GDI+, and .NET Framew...

Microsoft's July 2019 Patch Tuesday Fixes 2 Zero-Day Vulnerabilities
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Today is Microsoft's July 2019 Patch Tuesday, which means that everyone should be especially nice to your Windows administrators today as they begin testing and potentially deploying updates. Included in this month's updates are fixes for five publicly disclosed vulnerabilities, but not exploited, and two zero-day vulnerabilities that were actively exploited in the wild.
With the release of the July 2019 security updates, Microsoft has released 1 advisories, 1 servicing stack update,...