Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-1420: Windows Elevation of Privilege Vulnerability

Back to Search

Microsoft CVE-2019-1420: Windows Elevation of Privilege Vulnerability

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
11/12/2019
Created
11/13/2019
Added
11/12/2019
Modified
11/10/2020

Description

An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the dssvc.dll properly handles this type of functionality.

Solution(s)

  • msft-kb4523205-08d9ac19-de85-40b7-98f7-8c54091494c1
  • msft-kb4523205-61118c04-b0ba-49af-82b7-05cb038923fb
  • msft-kb4523205-c0e9628c-ad49-4a51-84c0-2e18951adb68
  • msft-kb4524570-29c1ec74-1dd6-400c-a4fe-28af68ababa8
  • msft-kb4524570-537f6d1a-6a65-43a7-8f77-e2ece9811d47
  • msft-kb4524570-92bf4fc2-1423-4d57-b6e6-109109dab39b
  • msft-kb4524570-a464324d-52ab-4b91-b5eb-15b5e8dfaa70
  • msft-kb4524570-bb3f5eb0-a6b4-429a-83b7-5c9ae5a5eefc
  • msft-kb4524570-ce36ff81-c1f3-4022-ae29-980d7649600a
  • msft-kb4525232-0b8dcdd1-a180-4e2e-b4eb-66374803c0b3
  • msft-kb4525232-91ccde2b-6718-4599-9726-e74786129012
  • msft-kb4525236-36511ef0-14b8-4883-a0bc-49c047981b50
  • msft-kb4525236-40726976-3112-4667-aa22-4e882e8b635a
  • msft-kb4525236-f6b77fe9-194d-4905-a0db-1fe77b95ca36
  • msft-kb4525237-57a23bad-45b7-4713-b02b-e56d08a2a792
  • msft-kb4525237-595c5dcb-7b6d-47ab-990b-062c0f566c14
  • msft-kb4525237-79db43fa-b958-4e04-8146-2b589c3fb50a
  • msft-kb4525241-394083ef-f78c-4b44-b085-b2252be4f21e
  • msft-kb4525241-8415f42c-519b-4c6a-af5c-5d0c9a0f90c7

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;