Privilege escalation in Microsoft Windows

Published: 2019-07-10 09:25:44 | Updated: 2019-07-10
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2019-1082
CVSSv3 7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-362
Exploitation vector Local
Public exploit N/A
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows 8.1
Windows 7
Windows 10
Windows RT 8.1
Windows 10 1607
Windows Server 2012
Windows Server 2012 R2
Windows Server 2008 R2
Windows Server 2016
Vendor URL Microsoft

Security Advisory

1) Race condition

Description

The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race planting of a customized dll. A local user can execute arbitrary code with SYSTEM privileges.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1082

Back to List