CVE-2019-1044

EUVD-2019-9629

12.06.2019, 14:29

A security feature bypass vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory.
To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL).
The update addresses the vulnerability by correcting how Windows Secure Kernel Mode handles objects in memory to properly enforce VTLs.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
microsoft	CNA	5.3 MEDIUM				CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 50%

Affected Products (NVD)

Vendor	Product	Version
microsoft	windows_server_2019	-

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

1809 (arm64, x64, x86)

KB4503327

Windows Server 2019

Server Core	KB4503327
Standard	KB4503327

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1044

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1044