SB2019021303 - Multiple vulnerabilities in Microsoft Win32k
Published: February 13, 2019
Security Bulletin ID
SB2019021303
Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2019-0623)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a boundary error when the Win32k component fails to properly handle objects in memory. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Information disclosure (CVE-ID: CVE-2019-0628)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.The vulnerability exists due to an error when the win32k component improperly provides kernel information. A local attacker can run a specially crafted application and read arbitrary data.
Remediation
Install update from vendor's website.