Cyber Resilience

CVE-2019-1388

High · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked · LPE

Published: 12 November 2019
Modified: 29 October 2025
KEV Added: 07 April 2023
Patch
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0799 (92.3rd percentile)
Risk Priority: 40 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2019-1388 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Microsoft Windows 10 1709. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 7.7% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. The flaw, tracked as CVE-2019-1388 and assigned CWE-269, affects the Windows Certificate Dialog component and carries a CVSS 3.1 score of 7.8, reflecting a local attack vector, low attack complexity, and low privileges required.

A local attacker who already has low-privileged access can exploit the flaw without user interaction to escalate to higher privileges, gaining full control over the confidentiality, integrity, and availability of the affected system.

Microsoft has published patches and guidance through its Security Response Center advisory, while the Zero Day Initiative has released a corresponding advisory detailing the issue. The vulnerability appears in CISA's catalog of known exploited vulnerabilities, confirming active real-world exploitation.

Vulnerability details

An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.

CWE(s): CWE-269 (Improper Privilege Management)
KEV Date Added: 07 April 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Microsoft Windows 10 1507: all versions
Microsoft Windows 10 1607: all versions
Microsoft Windows 10 1709: all versions
Microsoft Windows 10 1803: all versions
Microsoft Windows 10 1809: all versions
Microsoft Windows 10 1903: all versions
Microsoft Windows 7: all versions
Microsoft Windows 8.1: all versions
Microsoft Windows RT 8.1: all versions
Microsoft Windows Server 1903: all versions
+4 more product configuration(s) — see NVD for full list

Mitigating Controls (NIST 800-53 r5)

Prevent (AC-3, Access Enforcement): Directly enforces access and privilege restrictions that the Windows Certificate Dialog failed to apply, blocking the unauthorized elevation path.

Prevent: Limits the initial low-privilege context an attacker must start from, reducing the impact of any dialog-enforcement bypass.

Prevent (SI-2, Flaw Remediation): Requires timely application of the vendor patch that corrects the improper privilege check inside the Certificate Dialog.