Privilege escalation in Windows Audio Service

Published: 2019-07-10 02:29:44 | Updated: 2019-07-10
Severity Low
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2019-1086
CVE-2019-1087
CVE-2019-1088
CVSSv3 3.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
3.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
3.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CWE ID CWE-20
Exploitation vector Local
Public exploit N/A
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows 8.1
Windows 10
Windows RT 8.1

Show more

Windows Server 2012 R2
Windows Server 2016
Windows Server 2019

Show more

Vendor URL Microsoft

Security Advisory

1) Input validation error

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Windows Audio Service.

A local user can create a specially crafted application and use this vulnerability in conjunction with another issue to escalate privileges on the system.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1086

2) Input validation error

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Windows Audio Service.

A local user can create a specially crafted application and use this vulnerability in conjunction with another issue to escalate privileges on the system.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1087

3) Input validation error

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Windows Audio Service.

A local user can create a specially crafted application and use this vulnerability in conjunction with another issue to escalate privileges on the system.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1088

Back to List