Cyber Resilience

CVE-2019-1458

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 10 December 2019

Modified: 29 October 2025
KEV Added: 10 January 2022
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9216 (99.7th percentile)
Risk Priority: 91 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2019-1458 is a high-severity vulnerability of unspecified weakness type in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).

Operationally, it is ranked in the top 0.3% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. This flaw, tracked as CVE-2019-1458 and also known as the Win32k Elevation of Privilege Vulnerability, affects the Win32k kernel-mode driver and carries a CVSS 3.1 base score of 7.8, reflecting a local attack vector, low complexity, and high impact on confidentiality, integrity, and availability.

A local attacker with existing low-privileged access can exploit the issue without user interaction to escalate privileges to SYSTEM level, enabling full control over the affected system. The vulnerability stems from improper memory object handling that can be triggered through crafted Win32k interactions.

Microsoft's security advisory at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1458 provides official guidance, while public exploit code and proof-of-concept reports have appeared on PacketStorm describing techniques such as WizardOpium and uninitialized variable local privilege escalation targeting this CVE.

EU & UK References

Vulnerability details

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

CWE(s)
KEV Date Added: 10 January 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft · windows 10 1507 · all versions
microsoft · windows 10 1607 · all versions
microsoft · windows 7 · all versions
microsoft · windows 8.1 · all versions
microsoft · windows rt 8.1 · all versions
microsoft · windows server 2008 · all versions, r2
microsoft · windows server 2012 · all versions, r2
microsoft · windows server 2016 · all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent: Directly enforces memory protections that would block the improper Win32k kernel object handling exploited for privilege escalation.

prevent: Requires timely application of patches that remediate the specific Win32k memory-handling flaw in CVE-2019-1458.

prevent: Limits initial user privileges so that successful exploitation cannot immediately yield SYSTEM-level access.

References