Researchers from Chinese cybersecurity firm Qihoo 360 have made public technical details that can be used to construct a proof-of-concept (PoC) exploit for CVE-2019-0808, a recently patched Windows vulnerability that has been involved in targeted attacks.
The existence of CVE-2019-0808 was brought to light a week ago when Google’s Threat Analysis Group revealed that it had been exploited alongside CVE-2019-5786, a Chrome vulnerability that the browser’s developers patched on March 1.
Google released limited technical information about the Windows vulnerability before Microsoft managed to release a patch. A fix was made available to users on March 12, when Microsoft released its Patch Tuesday updates.
The security hole affects the Win32k component in Windows and allows an authenticated attacker to elevate privileges and execute arbitrary code in kernel mode. It can also be used to escape sandboxes if combined with a web browser vulnerability.
The flaw only appears to affect Windows 7 and Windows Server 2008 as Windows 10 includes some additional mitigations that prevent exploitation.
A blog post published on Thursday by the Chengdu Security Response Center of 360 Core Security discloses not only the root cause of the vulnerability, but also explains how it can be triggered and how Microsoft has addressed it.
The Chinese researchers say they have created a PoC exploit, but they have not made it public in its entirety. Instead, they have published several images showing the relevant code and step-by-step instructions on how the flaw can be triggered.
No information has been shared on the targeted attacks involving CVE-2019-0808, but now that more technical details are available it will likely be used in more attacks.
“Considering that some users are still using Windows 7 and this vulnerability combined with Chrome RCE (CVE-2019-5786) has been used for real APT attacks, this 0day is very likely to be exploited to perform large-scale attacks and pose a real threat,” the researchers said.
Another Windows zero-day patched by Microsoft this week has been exploited in targeted attacks by at least two threat actors. The flaw was spotted by Kaspersky Lab after it had been leveraged in attacks by groups tracked by the security firm as SandCat and FruityArmor.
Related: Exploit Published for Windows Task Scheduler Zero-Day
Related: Exploit for New Windows Zero-Day Published on Twitter

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Google Patches Third Chrome Zero-Day of 2023
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
