Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mscveMicrosoftMS:CVE-2019-1255
HistorySep 23, 2019 - 7:00 a.m.

Microsoft Defender Elevation of Privilege Vulnerability

2019-09-2307:00:00
Microsoft
msrc.microsoft.com
119

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

57.8%

JSON

An elevation of privilege vulnerability exists when Microsoft Defender improperly handles files. An attacker could exploit the vulnerability to overwrite the discretionary access control list (DACL) for a file.

To exploit the vulnerability, an attacker would first require execution on the victim system.

The security update addresses the vulnerability by ensuring Microsoft Defender properly handles files.

Related

prion 1
kaspersky 2
cvelist 1
nessus 1
nvd 1
openvas 1
cve 1
qualysblog 1
cisa 1
thn 1
threatpost 1
myhack58 1
prion
prion
Denial of service
2019-09-23 20:15:00
kaspersky
kaspersky
KLA11565 DoS vulnerability in MS Windows
2019-09-23 00:00:00
KLA11563 DoS vulnerability in MS System Center
2019-09-23 00:00:00
cvelist
cvelist
CVE-2019-1255
2019-09-23 19:14:38
nessus
nessus
Microsoft Malware Protection Engine Elevation of Privilege Vulnerability
2019-10-21 00:00:00
nvd
nvd
CVE-2019-1255
2019-09-23 20:15:13
openvas
openvas
Microsoft Defender Denial of Service Vulnerability (Sep 2019)
2019-09-24 00:00:00
cve
cve
CVE-2019-1255
2019-09-23 20:15:13
qualysblog
qualysblog
Microsoft Released Out-of-Band Security Updates – How to Detect and Remediate
2019-09-24 20:13:12
cisa
cisa
Microsoft Releases Out-of-Band Security Updates
2019-09-23 00:00:00
thn
thn
Microsoft Releases Emergency Patches for IE 0-Day and Windows Defender Flaw
2019-09-24 07:48:00
threatpost
threatpost
Microsoft Internet Explorer Zero-Day Flaw Addressed in Out-of-Band Security Update
2019-09-23 20:29:39
myhack58
myhack58
RTOS VxWorks multiple high-risk vulnerability alerts-a vulnerability alert-the black bar safety net
2019-08-01 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

57.8%

JSON
Related for MS:CVE-2019-1255
prion1kaspersky2cvelist1nessus1nvd1openvas1cve1qualysblog1cisa1thn1threatpost1myhack581