Multiple vulnerabilities in Microsoft Windows Error Reporting Manager

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU21666

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-1342

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way Windows Error Reporting manager handles a process crash. A local user can create a malicious application, launch it on the system, delete a targeted file leading to an elevated status and take control of the target system.

To exploit this vulnerability, an attacker would first have to log on to the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Windows: 7 - 10 1903 10.0.18362.116

Windows Server: 2008 - 2019 1903

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1342

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Windows hard link

EUVDB-ID: #VU21668

Risk: Low

CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2019-1315

CWE-ID: CWE-65 - Windows hard link

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way Windows Error Reporting manager handles hard links. A local user can create a malicious application, launch it on the system, overwrite a targeted file leading to an elevated status and take control of an affected system.

To exploit this vulnerability, an attacker would first have to log on to the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Windows: 7 - 10 1903 10.0.18362.116

Windows Server: 2008 - 2019 1903

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU21667

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-1339

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way Windows Error Reporting manager handles hard links. A local user can create a malicious application, launch it on the system, overwrite a targeted file leading to an elevated status and take control of an affected system.

To exploit this vulnerability, an attacker would first have to log on to the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Windows: 7 - 10 1903 10.0.18362.116

Windows Server: 2008 - 2019 1903

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1339

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.