vulnerability
Microsoft Windows: CVE-2019-1405: Windows UPnP Service Elevation of Privilege Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Nov 12, 2019 | Nov 12, 2019 | Sep 5, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Nov 12, 2019
Added
Nov 12, 2019
Modified
Sep 5, 2025
Description
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
Solutions
microsoft-windows-windows_10-1507-kb4525232microsoft-windows-windows_10-1607-kb4525236microsoft-windows-windows_10-1709-kb4525241microsoft-windows-windows_10-1803-kb4525237microsoft-windows-windows_10-1809-kb4523205microsoft-windows-windows_10-1903-kb4524570microsoft-windows-windows_server_2012-kb4525253microsoft-windows-windows_server_2012_r2-kb4525250microsoft-windows-windows_server_2016-1607-kb4525236microsoft-windows-windows_server_2019-1809-kb4523205msft-kb4524570-92bf4fc2-1423-4d57-b6e6-109109dab39bmsft-kb4524570-a464324d-52ab-4b91-b5eb-15b5e8dfaa70msft-kb4525233-34a5a286-7aae-469a-b1ac-0dbd98b48c9cmsft-kb4525233-357b9972-1dd5-46b6-b9fe-673f633e8a66msft-kb4525233-3afe4f42-95e2-4768-af34-961a45c232a5msft-kb4525233-676c08bf-e63d-48fe-b1f2-72b66ff22d0amsft-kb4525233-682289d3-16c4-4e74-8f67-749cc358025cmsft-kb4525233-a9622cac-8e55-4fd3-bc1c-715655fde5a5msft-kb4525239-5d291263-6be8-4c4c-b375-01b786fc7181msft-kb4525239-abb20615-fb10-4359-9dea-631b15cabb37msft-kb4525239-d1be2ef4-66c3-414f-a06a-10323a6a6225msft-kb4525250-39712f55-86cb-4200-9005-8d57cd91032emsft-kb4525250-c95046b7-a6dd-4d23-9b73-68722b2533f4msft-kb4525253-b11910e5-0a1d-4bdd-b307-3a56d5e3f1eemsft-kb4525253-daab0091-1e65-4624-b280-015c007f30c1
References
- CVE-2019-1405
- https://attackerkb.com/topics/CVE-2019-1405
- CWE-269
- https://support.microsoft.com/help/4523205
- https://support.microsoft.com/help/4524570
- https://support.microsoft.com/help/4525232
- https://support.microsoft.com/help/4525236
- https://support.microsoft.com/help/4525237
- https://support.microsoft.com/help/4525241
- https://support.microsoft.com/help/4525250
- https://support.microsoft.com/help/4525253
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.