Cyber Resilience

CVE-2019-0863

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 16 May 2019

Published
16 May 2019
Modified
29 October 2025
KEV Added
03 November 2021
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0616 91.0th percentile
Risk Priority 39 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2019-0863 is a high-severity an unspecified weakness vulnerability in Microsoft Windows 10 1709. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 9.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2019-0863 is an elevation of privilege vulnerability in the way the Windows Error Reporting (WER) component handles files. It affects Microsoft Windows systems and carries a CVSS 3.1 base score of 7.8 reflecting local attack vector, low attack complexity, and low privileges required.

A local attacker with existing low-privileged access can exploit the flaw without user interaction to obtain high impact on confidentiality, integrity, and availability, effectively escalating to full control of the system.

Microsoft security guidance published via the MSRC advisory portal addresses remediation steps, while the vulnerability appears in the CISA catalog of known exploited vulnerabilities.

Publicly available exploit code, including the proof-of-concept released as Angry Polar Bear 2, demonstrates local privilege escalation against WER on affected Windows versions.

EU & UK References

Vulnerability details

An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
windows 10 1507
all versions
microsoft
windows 10 1607
all versions
microsoft
windows 10 1703
all versions
microsoft
windows 10 1709
all versions
microsoft
windows 10 1803
all versions
microsoft
windows 10 1809
all versions
microsoft
windows 10 1903
all versions
microsoft
windows 7
all versions
microsoft
windows 8.1
all versions
microsoft
windows rt 8.1
all versions
+6 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforcing least privilege on WER processes and the files they handle directly blocks the low-to-high privilege escalation path exploited by CVE-2019-0863.

prevent

Proper access enforcement on files and objects processed by WER would have prevented the unauthorized elevation that the vulnerability permits.

prevent

Timely application of the vendor patch for CVE-2019-0863 eliminates the WER file-handling flaw before local exploitation can succeed.

References