Windows Actively Exploited Privilege-Escalation Bugs

The software giant recently released important-level patches for two of the privilege-escalation vulnerabilities in Win32k and splwow64, which are being actively exploited in the wild. Qualys said that the patches, though labeled as important, should be quickly deployed as they could be chained with other vulnerabilities to provide the hacker with complete system access. In other words, once they have elevated their privilege level, attackers could exploit another vulnerability to allow them to execute code like ransomware.

The Win32 flaw (CVE-2019-1132) affects Windows 7, Server 2008 and Server 2008 R2.

“While an attacker would have to gain log on access to the system to execute the exploit, the vulnerability if exploited would allow the attacker to take full control of the system,” said Chris Goettl, director of product management for security at Ivanti, via email.

Meanwhile, the bug in splwow64 (CVE-2019-0880), which is the print driver host for 32-bit applications, would allow an attacker to go from low to medium-integrity privileges. If the patch can’t be deployed immediately, the vulnerability can be mitigated by disabling the print spooler. It affects Windows 8.1, Server 2012 and later OS.


Discover more from Patrick Domingues

Subscribe to get the latest posts sent to your email.

author avatar
Patrick Domingues

Leave a Comment

Stay Informed

Receive instant notifications when new content is released.