Cyber Resilience

CVE-2019-0543

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 08 January 2019
Modified: 14 January 2026
KEV Added: 15 March 2022
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.4274 (97.6th percentile)
Risk Priority: 61 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2019-0543 is a high-severity Improper Authentication (CWE-287) vulnerability in Microsoft Windows 10 1803. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 2.4% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

An elevation of privilege vulnerability exists in Microsoft Windows when the operating system improperly handles authentication requests, as indicated by CWE-287. The flaw affects a broad range of versions including Windows 7, Windows 8.1, Windows 10, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.

A local attacker with existing low-privileged access can exploit the issue without user interaction to obtain full elevation of privilege, resulting in high impact to confidentiality, integrity, and availability according to the CVSS 7.8 vector. This allows the attacker to execute arbitrary code or access sensitive resources beyond their original permissions.

Microsoft has published an advisory detailing the vulnerability and associated updates through its security guidance portal. Public exploit code is also available, highlighting the need for prompt patching on affected systems.

Vulnerability details

An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

CWE(s)
KEV Date Added: 15 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor · Product · Versions
microsoft · windows 10 1507 · all versions
microsoft · windows 10 1607 · all versions
microsoft · windows 10 1703 · all versions
microsoft · windows 10 1709 · all versions
microsoft · windows 10 1803 · all versions
microsoft · windows 10 1809 · all versions
microsoft · windows 7 · all versions
microsoft · windows 8.1 · all versions
microsoft · windows rt 8.1 · all versions
microsoft · windows server 1709 · all versions
+5 more product configuration(s) — see NVD for full list

Mitigating Controls (NIST 800-53 r5)

prevent: Directly enforces access decisions resulting from authentication requests, blocking the improper privilege elevation path exploited by this flaw.

prevent: Limits the permissions available to the low-privileged local account, reducing the impact of successful exploitation to full system access.

prevent: Requires prompt installation of the vendor security update that corrects the improper authentication handling in affected Windows versions.
