CVE-2019-1315
Published: 10 October 2019
Summary
CVE-2019-1315 is a high-severity Link Following (CWE-59) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, ranked in the top 8.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
An elevation of privilege vulnerability exists in the Windows Error Reporting manager due to improper handling of hard links, tracked as CVE-2019-1315 and assigned CWE-59. The flaw affects Windows systems running the Error Reporting component and carries a CVSS 3.1 base score of 7.8 reflecting local attack vector, low attack complexity, and low privileges required.
A local attacker with existing low-privileged access can exploit the weakness without user interaction to obtain full control over confidentiality, integrity, and availability on the affected system, enabling escalation to higher privileges.
Microsoft published guidance and patches through its Security Response Center advisory, while CISA lists the vulnerability in its catalog of known exploited issues, confirming active in-the-wild exploitation and underscoring the need to apply the recommended updates promptly.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-9874
Vulnerability details
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.
- CWE(s)
- KEV Date Added
- 15 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely installation of the vendor patch that eliminates the hard-link handling flaw in Windows Error Reporting.
Enforces access-control decisions so that low-privileged processes cannot obtain unauthorized elevation through improper hard-link resolution.
Limits the initial privileges of the attacker, reducing the ability to reach or exploit the Error Reporting component for full escalation.