Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-0735: Windows CSRSS Elevation of Privilege Vulnerability

Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 04/09/2019
Created: 04/22/2019
Added: 04/09/2019
Modified: 11/18/2021

Description

An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows CSRSS handles objects in memory.

Solution(s)

  • msft-kb4493441-30e70ea5-db98-4921-9fb6-cd711cbe111c
  • msft-kb4493441-c48d3b04-de61-45f8-aa09-19dcdcbf27cf
  • msft-kb4493441-d4df103d-2ae9-4b1a-a4a3-615b9cceb666
  • msft-kb4493448-26f5c961-e070-4dfd-87cc-fda0186b23b0
  • msft-kb4493448-3af9bacd-85de-4861-8f8b-ef48904e8ead
  • msft-kb4493448-75234a13-f3fc-42e1-8669-b816bbd0faa5
  • msft-kb4493448-8d9c650b-8e2e-4c88-a261-b0a9100b0a96
  • msft-kb4493448-9cd10498-a338-45d6-98f7-64e6c7e18418
  • msft-kb4493448-b1a7e411-ca24-4c4c-a8eb-3efb04a6fece
  • msft-kb4493450-6e622753-bade-47c0-97ec-3461b680bced
  • msft-kb4493450-9c079aa3-389b-483f-87fe-f1594a62ad59
  • msft-kb4493450-e7002d3e-f16b-455e-87dd-96ce17b836a6
  • msft-kb4493458-0f3ac7c5-f539-4756-80d3-cf14300ca829
  • msft-kb4493458-3679a90c-7337-4404-95af-f9f8ac2a65ff
  • msft-kb4493458-a23fd5ae-b1af-48df-8a46-8ad8b994f355
  • msft-kb4493464-1a60bdf0-0746-4b51-b98a-c7aa184e0e65
  • msft-kb4493464-2678ef0e-1396-499a-aa6d-7b5edc40c1ed
  • msft-kb4493464-8c293f3f-ae3d-46af-870d-ed61b2fe12e0
  • msft-kb4493467-0ec0675a-f389-4e13-8cab-86d750349338
  • msft-kb4493467-64c865f5-4bf6-4e45-8c54-6734dcc5f5ba
  • msft-kb4493467-8693f170-0aea-4539-bc72-feffa6e947ba
  • msft-kb4493470-1a4bffd2-85fe-4062-a441-4ed1ae1164ed
  • msft-kb4493470-48b60bdc-8a42-4ab2-9d6b-8abf391602c2
  • msft-kb4493470-5792a381-fac9-4f80-9148-7cadc95cd218
  • msft-kb4493474-bad85971-a8a3-4eb4-88fe-6f193063d0fe
  • msft-kb4493474-fac12f23-ce8e-4586-9a58-85df96b6f781
  • msft-kb4493475-c117f869-0b03-4b0c-85c1-493cb9a068a3
  • msft-kb4493475-c55d81dd-ec83-4223-a83c-d9af016c3f14
  • msft-kb4493509-08d3a825-29af-4ebd-b167-019a45e87fb8
  • msft-kb4493509-623b4e44-1f39-4496-9836-dc80be3ce2cc
  • msft-kb4493509-b866c1a6-ae98-449c-9285-c3008ae7bebc
