CVE-2019-0859: Microsoft Win32k Privilege Escalation Vulnerability
First published: Tue Apr 09 2019(Updated: )
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Win32 Kernel Subsystem | ||
| Windows 10 | ||
| Windows 10 | =1607 | |
| Windows 10 | =1703 | |
| Windows 10 | =1709 | |
| Windows 10 | =1803 | |
| Windows 10 | =1809 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2016 | =1709 | |
| Microsoft Windows Server 2016 | =1803 | |
| Microsoft Windows Server 2019 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-0859?
CVE-2019-0859 has a high severity rating due to its potential for elevation of privilege attacks.
How do I fix CVE-2019-0859?
To fix CVE-2019-0859, apply the latest security updates provided by Microsoft for the affected versions of Windows.
Which versions of Windows are affected by CVE-2019-0859?
CVE-2019-0859 affects multiple versions of Windows, including Windows 10, 7, 8.1, and various Windows Server editions.
What are the potential impacts of exploiting CVE-2019-0859?
Exploiting CVE-2019-0859 could allow an attacker to gain elevated privileges on the system, potentially compromising sensitive data.
Is there a workaround for CVE-2019-0859?
Currently, the best approach to mitigate CVE-2019-0859 is to apply the security patches as provided by Microsoft.
- agent/type
- agent/description
- agent/remedy
- agent/title
- agent/first-publish-date
- agent/references
- agent/author
- agent/event
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- source/NVD
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- vendor/microsoft
- canonical/microsoft win32 kernel subsystem
- canonical/windows 10
- version/windows 10/1607
- version/windows 10/1703
- version/windows 10/1709
- version/windows 10/1803
- version/windows 10/1809
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows
- canonical/microsoft windows rt
- canonical/microsoft windows server
- version/microsoft windows server/sp2
- version/microsoft windows server/r2-sp1
- version/microsoft windows server/r2
- canonical/microsoft windows server 2016
- version/microsoft windows server 2016/1709
- version/microsoft windows server 2016/1803
- canonical/microsoft windows server 2019
- canonical/microsoft windows 10