Privilege escalation in Microsoft Windows Storage Service

Published: 2019-02-13 01:37:45
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2019-0659
CVSSv3 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-264
Exploitation vector Local
Public exploit N/A
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows 10
Windows 10 1607
Windows 10 1703

Show more

Windows Server 2016
Windows Server 2019
Windows Server 1709
Windows Server 1803
Vendor URL Microsoft

Security Advisory

1) Privilege escalation

Description

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to an error when the Storage Service improperly handles file operations. A local attacker can gain execution on the victim system, then run a specially crafted application to gain elevated privileges.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0659

Back to List