Main Vulnerability Database Vulnerabilities #VU21690

#VU21690 Permissions, Privileges, and Access Controls in Windows and Windows Server - CVE-2019-1368

Published: October 9, 2019

Vulnerability identifier: #VU21690

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-1368

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows a local attacker to gain access to sensitive information.

The vulnerability exists due incorrect restrictions for the debugging functionality in Windows Secure Boot. A local attacker with physical access to the system can disclose kernel memory.

Successful exploitation of the vulnerability requires that Windows Secure Boot is enabled.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1368

#VU21690 Permissions, Privileges, and Access Controls in Windows and Windows Server - CVE-2019-1368

Description

Remediation

External links

Please verify you're human