SB2019041002 - Multiple vulnerabilities in Windows kernel drivers
Published: April 10, 2019 Updated: April 10, 2019
Description
This security bulletin contains information about 11 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2019-0848)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the way the win32k component provides kernel information. A local user can use a specially crafted application to trigger an out-of-bounds read error and read contents of memory on the system.
2) Out-of-bounds read (CVE-ID: CVE-2019-0814)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the way the win32k component provides kernel information. A local user can use a specially crafted application to trigger an out-of-bounds read error and read contents of memory on the system.
3) Out-of-bounds read (CVE-ID: CVE-2019-0844)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the way the Windows kernel handles objects in memory. A local user can use a specially crafted application to trigger an out-of-bounds read error and read contents of memory on the system.
4) Out-of-bounds read (CVE-ID: CVE-2019-0840)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the way the Windows kernel handles objects in memory. A local user can use a specially crafted application to trigger an out-of-bounds read error and read contents of memory on the system.
5) Buffer overflow (CVE-ID: CVE-2019-0685)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0805)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows handles calls to the LUAFV driver (luafv.sys). A local user can create a malicious application, launch it on the system and run arbitrary code in the security context of the local system.
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0836)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows handles calls to the LUAFV driver (luafv.sys). A local user can create a malicious application, launch it on the system and run arbitrary code in the security context of the local system.
8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0796)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows handles calls to the LUAFV driver (luafv.sys). A local privileged user can set the short name of a file with a long name to an arbitrary short name and overwrite files on the system with limited privileges.
9) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0731)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows handles calls to the LUAFV driver (luafv.sys). A local user can create a malicious application, launch it on the system and execute arbitrary code in the security context of the local system.
10) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0730)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way Windows handles calls to the LUAFV driver (luafv.sys). A local user can create a malicious application, launch it on the system and execute arbitrary code in the security context of the local system.
11) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0732)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an error when processing calls to the LUAFV driver (luafv.sys). A local user can circumvent a User Mode Code Integrity (UMCI) policy on the machine and bypass Device Guard protection.
Remediation
Install the update from the vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0848
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0814
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0844
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0840
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0685
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0805
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0836
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0796
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0731
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0730
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0732