CVE-2019-1214
Published: 2019-09-11
Priority: P2 · 79 · high · 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (KEV), due 2022-05-03
Exploited in the wild (ITW)
EPSS: 1.32% (67.4th percentile)
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.
Affected
58 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1903_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1903_for_x64-based_systems | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
Detection & IOCs (extracted from sources)
- Check Point IPS blade signature name for detection: 'Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2019-1214)'
- Exploitation requires local logon followed by execution of a crafted application; alert on unexpected process elevation from non-privileged user sessions interacting with the CLFS driver
- MSRC exploit status lists 'Exploited: No' for this CVE, contradicting the Krebs and CISA reports of in-the-wild exploitation; treat as exploited in the wild per CISA KEV listing
- CISA KEV confirms active exploitation and mandates patching; older software releases rated 'Exploitation More Likely' by Microsoft
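CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_msrc | — | 7.8 | HIGH | — |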
Red Hat
bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).
vendor_redhat·2024-11-15·CVSS 9.8
CVE-2019-12900 [CRITICAL] CWE-1214 bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
A data integrity error was found in the bzip2 (user-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 file. A local user could get unexpected results (or corrupted data) as a result of decompressing these files.
Statement: This vulnerability only causes failure to decompress when using the package bzip2 functionality. There is no known vector of attack (apart from the possibility that some of the older archives compressed with bzip2 could become inaccessible if a still-buggy version of bzip2 is used to decompress). This bug has b
CISA
Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability
cisa·2021-11-03·CVSS 7.8
CVE-2019-1214 [HIGH] Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability
Vulnerability: Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability
Affected: Microsoft Windows
Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory which can allow for privilege escalation.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-1214
Remediation Due Date: 2022-05-03
Microsoft
Windows Common Log File System Driver Elevation of Privilege Vulnerability
vendor_msrc·2019-09-10·CVSS 7.8
CVE-2019-1214 [HIGH] Windows Common Log File System Driver Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.
The security update addresses the vulnerability by correcting how CLFS handles objects in memory.
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: No
GHSA
GHSA-2q4x-j5p2-9wxv: An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Window
ghsa_unreviewed·2022-05-24
CVE-2019-1214 [HIGH] CWE-119 GHSA-2q4x-j5p2-9wxv: An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Window
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.
VulnCheck
Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability
vulncheck·2019·CVSS 7.8
CVE-2019-1214 [HIGH] Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory which can allow for privilege escalation.
Affected: Microsoft Windows
Required Action: Apply updates per vendor instructions.
Exploitation References: https://isc.sans.edu/diary/25310; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-05-03
No detection rules found.
No public exploits indexed.
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Checkpoint
16th September – Threat Intelligence Bulletin
blogs_checkpoint·2019-09-16
CVE-2019-1208 16th September – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 16th September 2019, please download our Threat Intelligence Bulletin
Top Attacks and Breaches
Garmin, the GPS technology company, has fallen victim to a data breach after their South African shopping site was hosting a malicious software skimmer, capturing customers’ payment data from the website. The stolen data also included home addresses, phone numbers and email addresses.
Ransomware has hit the Wolc
Trendmicro
September Patch Tuesday: RDP Vulns and Zero-Days
blogs_trendmicro·2019-09-11·CVSS 8.8
[HIGH] September Patch Tuesday: RDP Vulns and Zero-Days
# September Patch Tuesday: RDP Vulns and Zero-Days
Microsoft’s September Patch Tuesday covered a total of 80 CVEs, 17 of which were rated critical.
By: Trend Micro
2019/09/11
Microsoft’s September Patch Tuesday covered 80 CVEs, 17 of which were rated critical, and included patches for Azure DevOps Server, Chakra Scripting engine, and Microsoft SharePoint. Sixty-two were labeled as important and included patches for Microsoft Excel, Microsoft Edge, and Microsoft Exchange. Only one was rated as moderate.
### Remote desktop vulnerabilities
Continuing the trend from last month, several of the critical patches were for Remote Desktop Clients and are CVE-2019-0787, CVE-2019-0788, CVE-2019-1290, and CVE-2019-1291 — all Remote Co
Krebs
Patch Tuesday, September 2019 Edition
blogs_krebs·2019-09-10·CVSS 7.8
CVE-2019-1214 [HIGH] Patch Tuesday, September 2019 Edition
Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software. The software giant assigned a “critical” rating to almost a quarter of those vulnerabilities, meaning they could be used by malware or miscreants to hijack vulnerable systems with little or no interaction on the part of the user.
Two of the bugs quashed in this month’s patch batch (CVE-2019-1214 and CVE-2019-1215) involve vulnerabilities in all supported versions of Windows that have already been exploited in the wild. Both are known as “privilege escalation” flaws in that they allow an attacker to assume the all-powerful administrator status on a targeted system. Exploits for these types of weaknesses are often deployed along with other attack
Tenable
Microsoft's September 2019 Patch Tuesday: Tenable Roundup
blogs_tenable·2019-09-10
Qualys
September 2019 Patch Tuesday – 79 Vulns, 17 Critical, Remote Desktop Client, SharePoint, Exploited PrivEsc
blogs_qualys·2019-09-10·CVSS 8.8
[HIGH] September 2019 Patch Tuesday – 79 Vulns, 17 Critical, Remote Desktop Client, SharePoint, Exploited PrivEsc
This month’s Microsoft Patch Tuesday addresses 79 vulnerabilities with 17 of them labeled as Critical. Of the 17 Critical vulns, 8 are for scripting engines and browsers, 4 are for the Remote Desktop Client, and 3 are for SharePoint. In addition, Microsoft has again patched a critical vulnerability in LNK files, along with a vuln in Azure DevOps / TFS. Adobe has also released patches for Flash and Application Manager.
Update: Following Patch Tuesday, Microsoft updated the entries for CVE-2019-1214 and CVE-2019-1215 to remove the “exploited” label.
## Workstation Patches
Scripting Engine, Browser, and LNK patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are
Zscaler
Zscaler found Multiple Security Vulnerabilities | 09-10-2019
blogs_zscaler·CVSS 5.5
[MEDIUM] Zscaler found Multiple Security Vulnerabilities | 09-10-2019
- 2019-09-11: Published
- 2021-11-03: Added to CISA KEV
Exploited in the wild