CVE-2019-1388 HHUPD.exe Exploit

Posted on : by : Lion

There is a privilege escalation vulnerability in the Windows Certificate Dialog allowing an attacker to elevate privileges to NT AUTHORITY\SYSTEM, it is documented as CVE-2019-1388.

This is a good video demonstrating the issue: https://www.youtube.com/watch?v=3BQKpPNlTSo in this case they use the hhupd.exe to perform the attack.

Also check out this link from @gentilkiwi about affected versions: https://gist.github.com/gentilkiwi/802c221c0731c06c22bb75650e884e5a

search request hhupd.exe
Search requests for hhupd

Since there is a lot of search for the example executable that allows the attack and it also took some time for me to find the hhupd.exe, i thought it would help others to share it.

Of course you do not need hhupd to exploit that vulnerability, its just easier.

You can download the hhupd.exe used in the video (or at least a similar one with the required OID) from this source: Hybrid Analysis hhupd.exe download link

Thanks to Eduardo Braun Prado (ZDI) for finding CVE-2019-1388!

Have fun and patch your systems.

Company Reviews

Leave a Reply

Your email address will not be published. Required fields are marked *