vulnerability

Microsoft CVE-2019-1037: Windows Error Reporting Elevation of Privilege Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:N/C:C/I:C/A:C)	Jul 9, 2019	Jul 9, 2019	Nov 18, 2021

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

Jul 9, 2019

Added

Jul 9, 2019

Modified

Nov 18, 2021

Description

An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with administrator privileges.
To exploit the vulnerability, an attacker must first gain unprivileged execution on a victim system.
The security update addresses the vulnerability by correcting the way WER handles files.

Solution

msft-kb4507453-8cedcb21-0200-433d-b32d-2d5ef741adec

References

CVE-2019-1037
https://attackerkb.com/topics/CVE-2019-1037
MSKB-4507435
MSKB-4507453
MSKB-4507455
MSKB-4507469

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today