Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-1365: Microsoft IIS Server Elevation of Privilege Vulnerability

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2019-1365: Microsoft IIS Server Elevation of Privilege Vulnerability

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

10/08/2019

Created

10/09/2019

Added

10/08/2019

Modified

11/18/2021

Description

An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\system escaping the Sandbox. The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests.

Solution(s)

msft-kb4517389-5c400e97-567b-460d-bdbd-b8f6ad298c9c
msft-kb4517389-b772c442-f33b-42f3-b4fd-6780110d6a53
msft-kb4517389-c417813c-d3db-4b44-83f8-60de59e73b91
msft-kb4519338-212c3c1b-d31d-4e80-a30f-ad2cddf5c7fc
msft-kb4519338-4dc3fc62-f0c5-47fd-b788-24c7bb43bd60
msft-kb4519338-effa0a42-b050-47d4-a23a-1f3f0a7a7195
msft-kb4519985-8448c774-0e98-4182-ab79-963ba49e33b4
msft-kb4519985-8a3aec2b-e0d7-44a2-938d-c02f6b274548
msft-kb4519985-f0d0e25e-cdb1-4823-b241-92ac2a81d3b3
msft-kb4519990-a2d349fe-ee2a-4a85-be00-ee8cba079e9b
msft-kb4519990-b8b37d2d-5063-477b-809c-baf8ce11b723
msft-kb4519990-e54b6ac3-a904-4687-b53b-6db63a034c57
msft-kb4519998-0c7eb702-e48b-48da-8ef8-e984aa6cb0b8
msft-kb4519998-3e345f2b-0454-4475-968e-a723d555f2fb
msft-kb4519998-a3faed21-d1ee-4af7-bc23-42e4de28e30c
msft-kb4520003-0d1c5f85-509f-4142-baa9-c9a7d22386f8
msft-kb4520003-4177c40d-e502-4e6c-9b95-6162fba1cec3
msft-kb4520003-a99aef55-9e6d-4c41-8f5b-d84b383a4f3a
msft-kb4520003-ba350f9c-c29f-4b6c-b51b-e3b7b3173be3
msft-kb4520003-eb2b689a-dab5-479f-a051-dd4ee86b98ef
msft-kb4520003-f6315128-ecc0-4bc5-a152-c9383a644a56
msft-kb4520008-60000a2c-bbc0-473e-a45f-db8e5d59d8f6
msft-kb4520008-d876d728-1f3a-4686-ac8d-9fee971d40af
msft-kb4520008-ff9d5ac1-9660-4a2c-8669-260891a47e33
msft-kb4520009-6f2b0614-8c8a-474c-b9d5-9f1ab035f1fb
msft-kb4520009-7c787b1f-05ba-4516-a24c-617da56d1405
msft-kb4520009-e97e00d7-47d2-4016-a5c1-bbe896a46d6f

References

https://attackerkb.com/topics/cve-2019-1365
CVE - 2019-1365
4517389
4519338
4519976
4519985
4519990
4519998
4520002
4520003
4520005
4520007
4520008
4520009

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-1365: Microsoft IIS Server Elevation of Privilege Vulnerability

Microsoft CVE-2019-1365: Microsoft IIS Server Elevation of Privilege Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.