vulnerability
Microsoft Windows: CVE-2019-0707: Windows NDIS Elevation of Privilege Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:N/C:C/I:C/A:C) | May 14, 2019 | May 14, 2019 | Sep 5, 2025 |
Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
May 14, 2019
Added
May 14, 2019
Modified
Sep 5, 2025
Description
An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level, aka 'Windows NDIS Elevation of Privilege Vulnerability'.
Solutions
microsoft-windows-windows_10-1507-kb4499154microsoft-windows-windows_10-1607-kb4494440microsoft-windows-windows_10-1703-kb4499181microsoft-windows-windows_10-1709-kb4499179microsoft-windows-windows_10-1803-kb4499167microsoft-windows-windows_10-1809-kb4494441microsoft-windows-windows_10-1903-kb4497936microsoft-windows-windows_server_2012-kb4499158microsoft-windows-windows_server_2012_r2-kb4499165microsoft-windows-windows_server_2016-1607-kb4494440microsoft-windows-windows_server_2019-1809-kb4494441msft-kb4497936-10429ff2-9c14-4fb1-abdc-a105642cb1admsft-kb4499158-93082475-fee3-46cf-8c33-1d26b56c536fmsft-kb4499158-b4ae50b9-4f14-4eaf-8574-6b7a66beb9cbmsft-kb4499165-4b02df8e-e169-4d3a-a07e-bff78bc2efe3msft-kb4499165-b6296768-ff16-4e28-aa22-9e8938569154
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.