⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-04-05.
CVE-2019-0543 — Improper Authentication in Microsoft Windows Server 2008
Severity
7.8HIGHNVD
OSV6.5
EPSS
24.5%
top 3.87%
CISA KEV
KEVRansomware
Added 2022-03-15
Due 2022-04-05
Exploit
Exploited in wild
Active exploitation observed
Timeline
PublishedJan 8
KEV addedMar 15
KEV dueApr 5
Latest updateMay 13
CISA Required Action: Apply updates per vendor instructions.
Description
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages18 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-3vmp-cf5x-w457: An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege↗2022-05-13
💥Exploits & PoCs
1Exploit-DB
▶
📋Vendor Advisories
2🕵️Threat Intelligence
1Tenable▶
ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help↗2022-03-24