Researchers from Chinese cybersecurity firm Qihoo 360 have made public technical details that can be used to construct a proof-of-concept (PoC) exploit for CVE-2019-0808, a recently patched Windows vulnerability that has been involved in targeted attacks.
The existence of CVE-2019-0808 was brought to light a week ago when Google’s Threat Analysis Group revealed that it had been exploited alongside CVE-2019-5786, a Chrome vulnerability that the browser’s developers patched on March 1.
Google released limited technical information about the Windows vulnerability before Microsoft managed to release a patch. A fix was made available to users on March 12, when Microsoft released its Patch Tuesday updates.
The security hole affects the Win32k component in Windows and allows an authenticated attacker to elevate privileges and execute arbitrary code in kernel mode. It can also be used to escape sandboxes if combined with a web browser vulnerability.
The flaw only appears to affect Windows 7 and Windows Server 2008 as Windows 10 includes some additional mitigations that prevent exploitation.
A blog post published on Thursday by the Chengdu Security Response Center of 360 Core Security discloses not only the root cause of the vulnerability, but also explains how it can be triggered and how Microsoft has addressed it.
The Chinese researchers say they have created a PoC exploit, but they have not made it public in its entirety. Instead, they have published several images showing the relevant code and step-by-step instructions on how the flaw can be triggered.
No information has been shared on the targeted attacks involving CVE-2019-0808, but now that more technical details are available it will likely be used in more attacks.
“Considering that some users are still using Windows 7 and this vulnerability combined with Chrome RCE (CVE-2019-5786) has been used for real APT attacks, this 0day is very likely to be exploited to perform large-scale attacks and pose a real threat,” the researchers said.
Another Windows zero-day patched by Microsoft this week has been exploited in targeted attacks by at least two threat actors. The flaw was spotted by Kaspersky Lab after it had been leveraged in attacks by groups tracked by the security firm as SandCat and FruityArmor.
Related: Exploit Published for Windows Task Scheduler Zero-Day
Related: Exploit for New Windows Zero-Day Published on Twitter

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
- SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
- Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones
- Cisco to Acquire Splunk for $28 Billion
- Car Cybersecurity Study Shows Drop in Critical Vulnerabilities Over Past Decade
- Omron Patches PLC, Engineering Software Flaws Discovered During ICS Malware Analysis
- Intel Launches New Attestation Service as Part of Trust Authority Portfolio
- Atos Unify Vulnerabilities Could Allow Hackers to Backdoor Systems
Latest News
- Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware
- In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking
- China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
- Air Canada Says Employee Information Accessed in Cyberattack
- BIND Updates Patch Two High-Severity DoS Vulnerabilities
- Faster Patching Pace Validates CISA’s KEV Catalog Initiative
- SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
- Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones
