CVE-2019-1027

EPSS 0.3%
Published 12.06.2019 14:29:03
Last modified 20.05.2025 18:15:38
Source secure@microsoft.com
Teams watchlist Login
Open Login

An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.
To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run.  However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running.
The update addresses the vulnerability by correcting how the Windows Audio Service handles processes these requests.

Affected products Warnungen 0 Metrics 4 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 10 Version1709

Microsoft ≫ Windows 10 Version1803

Microsoft ≫ Windows 10 Version1809

Microsoft ≫ Windows 10 Version1903

Microsoft ≫ Windows Server 2016 Version1803

Microsoft ≫ Windows Server 2016 Version1903

Microsoft ≫ Windows Server 2019 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.3%	0.527

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secure@microsoft.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1027

Patch

Vendor Advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1027

https://nvd.nist.gov/vuln/detail/CVE-2019-1027

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1027

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1027

EUVD