CVE-2019-1388

Warnung

EPSS 3.45%
Veröffentlicht 12.11.2019 19:15:12
Zuletzt bearbeitet 10.04.2025 16:56:36
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 10 1507 Version- HwPlatformx64

Microsoft ≫ Windows 10 1507 Version- HwPlatformx86

Microsoft ≫ Windows 10 1607 Version- HwPlatformx64

Microsoft ≫ Windows 10 1607 Version- HwPlatformx86

Microsoft ≫ Windows 10 1709 Version- HwPlatformarm64

Microsoft ≫ Windows 10 1709 Version- HwPlatformx64

Microsoft ≫ Windows 10 1709 Version- HwPlatformx86

Microsoft ≫ Windows 10 1803 Version- HwPlatformarm64

Microsoft ≫ Windows 10 1803 Version- HwPlatformx64

Microsoft ≫ Windows 10 1803 Version- HwPlatformx86

Microsoft ≫ Windows 10 1809 Version- HwPlatformarm64

Microsoft ≫ Windows 10 1809 Version- HwPlatformx64

Microsoft ≫ Windows 10 1809 Version- HwPlatformx86

Microsoft ≫ Windows 10 1903 Version- HwPlatformarm64

Microsoft ≫ Windows 10 1903 Version- HwPlatformx64

Microsoft ≫ Windows 10 1903 Version- HwPlatformx86

Microsoft ≫ Windows 7 Version- Updatesp1

Microsoft ≫ Windows 8.1 Version-

Microsoft ≫ Windows Rt 8.1 Version-

Microsoft ≫ Windows Server 1903 Version-

Microsoft ≫ Windows Server 2008 Version- Updatesp2

Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformitanium

Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64

Microsoft ≫ Windows Server 2012 Version-

Microsoft ≫ Windows Server 2012 Versionr2

Microsoft ≫ Windows Server 2016 Version-

Microsoft ≫ Windows Server 2016 Version1803

Microsoft ≫ Windows Server 2019 Version-

07.04.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability

Schwachstelle

Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.45%	0.87

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388

Patch

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-19-975/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1388

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1388

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1388

EUVD