Microsoft Windows: CVE-2019-0707: Windows NDIS Elevation of Privilege Vulnerability
Description
An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level, aka 'Windows NDIS Elevation of Privilege Vulnerability'.
Solution(s)
- microsoft-windows-windows_10-1507-kb4499154
- microsoft-windows-windows_10-1607-kb4494440
- microsoft-windows-windows_10-1703-kb4499181
- microsoft-windows-windows_10-1709-kb4499179
- microsoft-windows-windows_10-1803-kb4499167
- microsoft-windows-windows_10-1809-kb4494441
- microsoft-windows-windows_10-1903-kb4497936
- msft-kb4494440-4091b3b1-890f-4344-bf2c-cd6cc084a9a6
- msft-kb4494441-5d824d81-f71c-4236-b44a-b1d3d3afac45
- msft-kb4497936-10429ff2-9c14-4fb1-abdc-a105642cb1ad
- msft-kb4499158-93082475-fee3-46cf-8c33-1d26b56c536f
- msft-kb4499158-abe3070b-cf0f-460c-aa3e-facb04627dfa
- msft-kb4499158-b4ae50b9-4f14-4eaf-8574-6b7a66beb9cb
- msft-kb4499165-4b02df8e-e169-4d3a-a07e-bff78bc2efe3
- msft-kb4499165-770814d7-311f-4093-a9b4-a42b90c29a13
- msft-kb4499165-b6296768-ff16-4e28-aa22-9e8938569154
- msft-kb4499167-2ea0586a-8e8e-4677-bcd7-0d821e1f3e9c
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center