CVE-2019-1170
published 2019-08-14CVE-2019-1170: An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. An attacker who successfully…
PriorityP352high8.8CVSS 3.1
AVLACLPRLUINSCCHIHAH
EXPLOIT
EPSS
2.43%
82.2th percentile
An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system.
To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.
The security update addresses the vulnerability by preventing sandboxed processes from creating reparse points targeting inaccessible files.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1809 | >= 10.0.0 < publication | publication |
| microsoft | windows_10_version_1903_for_32-bit_systems | >= 10.0.0 < publication | publication |
| microsoft | windows_10_version_1903_for_arm64-based_systems | >= 10.0.0 < publication | publication |
| microsoft | windows_10_version_1903_for_x64-based_systems | >= 10.0.0 < publication | publication |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2019 | >= 10.0.0 < publication | publication |
| msrc | windows_10_version_1809_for_32-bit_systems | — | — |
| msrc | windows_10_version_1809_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | windows_10_version_1903_for_32-bit_systems | — | — |
| msrc | windows_10_version_1903_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1903_for_x64-based_systems | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_version_1903 | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
vendor_msrc7.9HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows NTFS Elevation of Privilege Vulnerability
vendor_msrc·2019-08-13·CVSS 7.9
CVE-2019-1170 [HIGH] Windows NTFS Elevation of Privilege Vulnerability
Windows NTFS Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system.
To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.
The security update addresses the vulnerability by preventing sandboxed processes from creating reparse points targeting inaccessible files.
Windows NTFS: Windows NTFS
Microsoft: Microsoft
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploita
GHSA
GHSA-56c7-crpq-gf4p: An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape, aka 'Windows NTFS Eleva
ghsa_unreviewed·2022-05-24
CVE-2019-1170 [HIGH] CWE-862 GHSA-56c7-crpq-gf4p: An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape, aka 'Windows NTFS Eleva
An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape, aka 'Windows NTFS Elevation of Privilege Vulnerability'.
No detection rules found.
Talos
Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-08-13·CVSS 9.1
[CRITICAL] Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated “critical," 65 that are considered "important" and one "moderate."
This month’s security update covers security issues in a variety of Microsoft services and software, including certain graphics components, Outlook and the Chakra Scripting Engine. For more on our coverage of these bugs, check out our Snort advisories here, covering all of the new rules we have for this release.
### Critical vulnerabilities Microsoft disclosed 31 critical vulnerabilities this month, three of which we will highlight below.
CVE-2019-1181 and CVE-2019-1182 are both remote code execution vulnerabilities in Remote De
Talos
Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-08-13·CVSS 9.8
[CRITICAL] Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated “critical," 65 that are considered "important" and one "moderate."
This month’s security update covers security issues in a variety of Microsoft services and software, including certain graphics components, Outlook and the Chakra Scripting Engine. For more on our coverage of these bugs, check out our Snort advisories here , covering all of the new rules we have for this release.
## Critical vulnerabilities Microsoft disclosed 31 critical vulnerabilities this month, three of which we will highlight below.
CVE-2
http://packetstormsecurity.com/files/154192/Microsoft-Windows-SET_REPARSE_POINT_EX-Mount-Point-Security-Feature-Bypass.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1170http://packetstormsecurity.com/files/154192/Microsoft-Windows-SET_REPARSE_POINT_EX-Mount-Point-Security-Feature-Bypass.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1170
2019-08-14
Published