CVE-2019-0859

Name of the Vulnerable Software and Affected Versions Windows (affected versions not specified)

Description The issue is related to a component of the Windows operating system, specifically the Win32k component, which has insufficient access restrictions. This can be exploited by an attacker to execute arbitrary code in kernel mode using a specially crafted application. The vulnerability has been used in real-world attacks to deploy a PowerShell backdoor. Researchers have identified that the exploit was used by various APT groups, including Fancy Bear, Turla, FIN8, and Buhtrap. The estimated number of potentially affected devices worldwide is not specified.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.