Privilege escalation in Microsoft Windows DNS

Published: 2019-07-10 11:09:48 | Updated: 2019-07-10
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2019-1090
CVSSv3 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-119
Exploitation vector Local
Public exploit N/A
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows 10 1803
Windows 10 1809
Windows 10 1903
Windows Server 2019
Windows Server 1803
Windows Server 1903
Vendor URL Microsoft

Security Advisory

1) Buffer overflow

Description

The vulnerability allows a local user to escalate privilege so the system.

The vulnerability exists due to a boundary error in the dnsrslvr.dll when handling objects in memory in Microsoft Windows DNS. A local user can create a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1090

Back to List