Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-1315: Windows Error Reporting Manager Elevation of Privilege Vulnerability

Back to Search

Microsoft CVE-2019-1315: Windows Error Reporting Manager Elevation of Privilege Vulnerability

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

10/08/2019

Created

10/09/2019

Added

10/08/2019

Modified

11/10/2020

Description

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows Error Reporting manager handles hard links.

Solution(s)

msft-kb4517389-5c400e97-567b-460d-bdbd-b8f6ad298c9c
msft-kb4517389-b772c442-f33b-42f3-b4fd-6780110d6a53
msft-kb4517389-c417813c-d3db-4b44-83f8-60de59e73b91
msft-kb4519338-212c3c1b-d31d-4e80-a30f-ad2cddf5c7fc
msft-kb4519338-4dc3fc62-f0c5-47fd-b788-24c7bb43bd60
msft-kb4519338-effa0a42-b050-47d4-a23a-1f3f0a7a7195
msft-kb4519985-8448c774-0e98-4182-ab79-963ba49e33b4
msft-kb4519985-8a3aec2b-e0d7-44a2-938d-c02f6b274548
msft-kb4519985-f0d0e25e-cdb1-4823-b241-92ac2a81d3b3
msft-kb4519990-a2d349fe-ee2a-4a85-be00-ee8cba079e9b
msft-kb4519990-b8b37d2d-5063-477b-809c-baf8ce11b723
msft-kb4519990-e54b6ac3-a904-4687-b53b-6db63a034c57
msft-kb4519998-0c7eb702-e48b-48da-8ef8-e984aa6cb0b8
msft-kb4519998-3e345f2b-0454-4475-968e-a723d555f2fb
msft-kb4519998-a3faed21-d1ee-4af7-bc23-42e4de28e30c
msft-kb4520003-0d1c5f85-509f-4142-baa9-c9a7d22386f8
msft-kb4520003-4177c40d-e502-4e6c-9b95-6162fba1cec3
msft-kb4520003-a99aef55-9e6d-4c41-8f5b-d84b383a4f3a
msft-kb4520003-ba350f9c-c29f-4b6c-b51b-e3b7b3173be3
msft-kb4520003-eb2b689a-dab5-479f-a051-dd4ee86b98ef
msft-kb4520003-f6315128-ecc0-4bc5-a152-c9383a644a56
msft-kb4520004-173a42f8-0561-4a76-9a70-bd9cb6fa9151
msft-kb4520004-f72dbbef-cedb-450e-927d-05414a78aded
msft-kb4520008-60000a2c-bbc0-473e-a45f-db8e5d59d8f6
msft-kb4520008-d876d728-1f3a-4686-ac8d-9fee971d40af
msft-kb4520008-ff9d5ac1-9660-4a2c-8669-260891a47e33
msft-kb4520009-6f2b0614-8c8a-474c-b9d5-9f1ab035f1fb
msft-kb4520009-7c787b1f-05ba-4516-a24c-617da56d1405
msft-kb4520009-e97e00d7-47d2-4016-a5c1-bbe896a46d6f
msft-kb4520010-50f87af3-267d-4242-9ca8-ad63233c710d
msft-kb4520010-fe65a4a7-b1ab-44b2-9c92-16daa2ddd839
msft-kb4520011-13958a0a-73dc-4296-b375-8ac1cd632f1b
msft-kb4520011-c32b63ca-7b05-458e-aaa4-84400e2e6f1c

References

https://attackerkb.com/topics/cve-2019-1315
CVE - 2019-1315
4517389
4519338
4519976
4519985
4519990
4519998
4520002
4520003
4520004
4520005
4520007
4520008
4520009
4520010
4520011

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-1315: Windows Error Reporting Manager Elevation of Privilege Vulnerability