CVE-2019-15665

7.2 HIGH

📋 TL;DR

This vulnerability in Rivet Killer Control Center allows local attackers to execute arbitrary code or escalate privileges by exploiting an unvalidated offset parameter in a kernel driver IOCTL handler. It affects users running vulnerable versions of the software on Windows systems. Successful exploitation gives attackers kernel-level access to the system.

💻 Affected Systems

Products:
  • Rivet Killer Control Center
  • Killer Networking software
Versions: All versions before 2.1.1352
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the vulnerable KfeCo10X64.sys driver to be loaded, which occurs when Killer Control Center is installed.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with kernel-level code execution leading to complete control of the affected system, data theft, and lateral movement capabilities.

🟠 Likely Case: Local privilege escalation allowing a standard user to gain SYSTEM/administrator privileges on the compromised machine.

🟢 If Mitigated: Limited to denial of service or system instability if proper security controls prevent code execution.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Malicious insiders or compromised user accounts could exploit this to gain elevated privileges on workstations.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of driver interaction. FireEye published technical details including IOCTL information.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.1352 and later

Vendor Advisory: https://support.killernetworking.com/downloads/ReleaseNotes/KillerSoftware_Release_Notes_2.1.1352.pdf

Restart Required: Yes

Instructions:

1. Download Killer Control Center version 2.1.1352 or later from the official Killer Networking website.
2. Uninstall the previous version.
3. Install the updated version.
4. Restart the system to load the patched driver.

🔧 Temporary Workarounds

Disable or remove vulnerable driver

Uninstall Killer Control Center or disable the KfeCo10X64.sys driver to prevent exploitation.

sc stop KfeCo10X64
sc delete KfeCo10X64

Restrict driver access

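Apply ACL restrictions to prevent non-administrative users from accessing the vulnerable driver. Note that this ACL applies to the driver file on disk; it does not change the permissions on the device object of a driver that is already loaded, so prefer patching or removing the driver.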

icacls "C:\Windows\System32\drivers\KfeCo10X64.sys" /deny Users:(R,X)

🧯 If You Can't Patch

  • Implement strict least privilege principles to limit standard user capabilities
  • Monitor for suspicious driver interactions and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check whether the KfeCo10X64.sys driver version is older than 2.1.1352. Look for the driver file in System32\drivers and check its properties.

Check Version:

wmic product where "name like '%Killer%'" get version

Verify Fix Applied:

Verify that the Killer Control Center version is 2.1.1352 or newer in Programs and Features, and confirm the driver version in Device Manager.
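
The checks above can be combined into one per-host triage script. This is an added example, not code from the vendor or from this page's sources. It assumes the product's DisplayName contains "Killer" and that the driver service is named KfeCo10X64, as in the sc commands above, and it reads the uninstall registry keys rather than calling wmic product.

```powershell
# Added example: triage one host for CVE-2019-15665 exposure.
# Assumptions: product DisplayName contains "Killer"; the driver service is
# named KfeCo10X64 (the name used in the sc commands on this page).
$FixedVersion = [version]'2.1.1352'
$DriverName   = 'KfeCo10X64'

function Test-KillerVersionVulnerable {
    param([string]$DisplayVersion)
    # Treat missing or unparseable versions as vulnerable so they get a manual look.
    $parsed = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) { return $true }
    return $parsed -lt $FixedVersion
}

# Read the uninstall registry keys instead of Win32_Product, which is slow and
# runs an MSI consistency check on every installed package.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$products = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Killer*' } |
    ForEach-Object {
        [pscustomobject]@{
            Name       = $_.DisplayName
            Version    = $_.DisplayVersion
            Vulnerable = Test-KillerVersionVulnerable $_.DisplayVersion
        }
    }

# Check the driver separately from the product entry: service registration,
# current state, and the file on disk.
$driver = Get-CimInstance -ClassName Win32_SystemDriver `
    -Filter "Name='$DriverName'" -ErrorAction SilentlyContinue
$driverFile = Join-Path $env:SystemRoot "System32\drivers\$DriverName.sys"
$fileFound  = Test-Path -LiteralPath $driverFile

[pscustomobject]@{
    Products        = $products
    DriverState     = if ($driver) { $driver.State } else { 'NotRegistered' }
    DriverFileFound = $fileFound
    # File version is reported for manual review, not compared automatically.
    DriverFileVer   = if ($fileFound) { (Get-Item -LiteralPath $driverFile).VersionInfo.FileVersion } else { $null }
    # Flag the host when a pre-2.1.1352 product entry and a registered driver coexist.
    NeedsAction     = [bool]($products | Where-Object Vulnerable) -and [bool]$driver
}
```

A host that reports a registered driver or a driver file but no product entry still warrants a manual check of the driver file version.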

📡 Detection & Monitoring

Log Indicators:

  • Driver load events for KfeCo10X64.sys
  • Process creation with elevated privileges following driver interaction
  • System event logs showing driver crashes or unexpected behavior

Network Indicators:

  • No network indicators - this is a local exploit

SIEM Query:

(EventID=7045 AND ServiceName="KfeCo10X64") OR (ProcessName="KillerControlCenter.exe" AND ParentProcess="explorer.exe")
