Rapid7’s 2026 Global Cybersecurity Summit is now available on-demand.Watch sessions.
Rapid7

vulnerability

Microsoft Windows: CVE-2019-0707: Windows NDIS Elevation of Privilege Vulnerability

Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
May 14, 2019
Added
May 14, 2019
Modified
Sep 5, 2025

Description

An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level, aka 'Windows NDIS Elevation of Privilege Vulnerability'.

Solutions

microsoft-windows-windows_10-1507-kb4499154microsoft-windows-windows_10-1607-kb4494440microsoft-windows-windows_10-1703-kb4499181microsoft-windows-windows_10-1709-kb4499179microsoft-windows-windows_10-1803-kb4499167microsoft-windows-windows_10-1809-kb4494441microsoft-windows-windows_10-1903-kb4497936microsoft-windows-windows_server_2012-kb4499158microsoft-windows-windows_server_2012_r2-kb4499165microsoft-windows-windows_server_2016-1607-kb4494440microsoft-windows-windows_server_2019-1809-kb4494441msft-kb4497936-10429ff2-9c14-4fb1-abdc-a105642cb1admsft-kb4499158-93082475-fee3-46cf-8c33-1d26b56c536fmsft-kb4499158-b4ae50b9-4f14-4eaf-8574-6b7a66beb9cbmsft-kb4499165-4b02df8e-e169-4d3a-a07e-bff78bc2efe3msft-kb4499165-b6296768-ff16-4e28-aa22-9e8938569154

References

    Title
    Rapid7 Labs

    2026 Global Threat Landscape Report

    The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.