Cyber Resilience

CVE-2019-1315

HighCISA KEVActive ExploitationEUVD ExploitedRansomware-linked

Published: 10 October 2019

Published
10 October 2019
Modified
29 October 2025
KEV Added
15 March 2022
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0760 92.0th percentile
Risk Priority 40 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2019-1315 is a high-severity Link Following (CWE-59) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 8.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

An elevation of privilege vulnerability exists in the Windows Error Reporting manager due to improper handling of hard links, tracked as CVE-2019-1315 and assigned CWE-59. The flaw affects Windows systems running the Error Reporting component and carries a CVSS 3.1 base score of 7.8 reflecting local attack vector, low attack complexity, and low privileges required.

A local attacker with existing low-privileged access can exploit the weakness without user interaction to obtain full control over confidentiality, integrity, and availability on the affected system, enabling escalation to higher privileges.

Microsoft published guidance and patches through its Security Response Center advisory, while CISA lists the vulnerability in its catalog of known exploited issues, confirming active in-the-wild exploitation and underscoring the need to apply the recommended updates promptly.

EU & UK References

Vulnerability details

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.

CWE(s)
KEV Date Added
15 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
windows 10 1607
all versions
microsoft
windows 10 1703
all versions
microsoft
windows 10 1709
all versions
microsoft
windows 10 1803
all versions
microsoft
windows 10 1809
all versions
microsoft
windows 10 1903
all versions
microsoft
windows 7
all versions
microsoft
windows 8.1
all versions
microsoft
windows rt 8.1
all versions
microsoft
windows server 2008
all versions, r2
+3 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely installation of the vendor patch that eliminates the hard-link handling flaw in Windows Error Reporting.

prevent

Enforces access-control decisions so that low-privileged processes cannot obtain unauthorized elevation through improper hard-link resolution.

prevent

Limits the initial privileges of the attacker, reducing the ability to reach or exploit the Error Reporting component for full escalation.

References