CVE-2019-8372

Name of the Vulnerable Software and Affected Versions LHA.sys driver versions prior to 1.1.1811.2101

Description The issue allows low-privileged users to read and write arbitrary physical memory, potentially elevating system privileges. This is possible due to the device object having an associated symbolic link and an open DACL, which can be exploited via specially crafted IOCTL requests.

Recommendations For versions prior to 1.1.1811.2101, update the LHA.sys driver to version 1.1.1811.2101 or later to resolve the issue. As a temporary workaround, consider restricting access to the LHA.sys driver to minimize the risk of exploitation.