CVE-2019-1161

4 documents4 sources

Severity

7.1HIGH

EPSS

0.6%

top 31.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Forefront Endpoint Protection 2010 Microsoft Microsoft Security Essentials Microsoft Microsoft System Center 2012 Endpoint Protection +4 more

Timeline

PublishedAug 14

Latest updateMay 24

Description

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability and delete protected files on an affected system once MpSigStub.exe ran again. The update addresses the vulnerability and blocks the arbitrary deletion.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages7 packages

▶NVDmicrosoft/system_center_endpoint_protection2012

▶CVEListV5microsoft/microsoft_system_center_endpoint_protectionN/A

▶CVEListV5microsoft/microsoft_system_center_2012_endpoint_protectionN/A

▶CVEListV5microsoft/microsoft_system_center_2012_r2_endpoint_protectionN/A

▶CVEListV5microsoft/windows_defenderN/A

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-32j3-hv3j-q9qq: An elevation of privilege vulnerability exists when the MpSigStub↗2022-05-24

▶

CVEList

Microsoft Defender Elevation of Privilege Vulnerability↗2019-08-14

▶

📋Vendor Advisories

Microsoft

Microsoft Defender Elevation of Privilege Vulnerability↗2019-08-13

▶