CVE-2019-0543
Published: 08 January 2019
Summary
CVE-2019-0543 is a high-severity Improper Authentication (CWE-287) vulnerability in Microsoft Windows 10 1803. Its CVSS base score is 7.8 (High).
Operationally, ranked in the top 2.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
An elevation of privilege vulnerability exists in Microsoft Windows when the operating system improperly handles authentication requests, as indicated by CWE-287. The flaw affects a broad range of versions including Windows 7, Windows 8.1, Windows 10, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.
A local attacker with existing low-privileged access can exploit the issue without user interaction to obtain full elevation of privilege, resulting in high impact to confidentiality, integrity, and availability according to the CVSS 7.8 vector. This allows the attacker to execute arbitrary code or access sensitive resources beyond their original permissions.
Microsoft has published an advisory detailing the vulnerability and associated updates through its security guidance portal. Public exploit code is also available, highlighting the need for prompt patching on affected systems.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-1314
Vulnerability details
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows…
more
8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
- CWE(s)
- KEV Date Added
- 15 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces access decisions resulting from authentication requests, blocking the improper privilege elevation path exploited by this flaw.
Limits the permissions available to the low-privileged local account, reducing the impact of successful exploitation to full system access.
Requires prompt installation of the vendor security update that corrects the improper authentication handling in affected Windows versions.