Symlink attack in Microsoft Windows

Published: 2019-07-10 09:25:42 | Updated: 2019-07-10
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2019-1074
CVSSv3 5.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CWE ID CWE-264
Exploitation vector Local
Public exploit N/A
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows 10 1709
Windows 10 1803
Windows 10 1809
Windows 10 1903
Windows Server 2019
Windows Server 1803
Windows Server 1903
Vendor URL Microsoft

Security Advisory

1) Permissions, Privileges, and Access Controls

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to certain Windows folders with local service privileges are vulnerable to symbolic link following attack. A local user can create a symbolic link to a critical resource and gain access to sensitive information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1074

Back to List