⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-04-05.

CVE-2019-1315Link Following in Microsoft Windows

CWE-59Link FollowingCWE-755Improper Handling of Exceptional Conditions17 documents9 sources
Severity
7.8HIGHNVD
EPSS
7.6%
top 8.13%
CISA KEV
KEVRansomware
Added 2022-03-15
Due 2022-04-05
Exploit
Exploited in wild
Active exploitation observed
Affected products
9
Microsoft WindowsMicrosoft Windows 10 Version 1903 FOR 32-bit SystemsMicrosoft Windows 10 Version 1903 FOR Arm64-based Systems+6 more
Timeline
PublishedOct 10
KEV addedMar 15
KEV dueApr 5
Latest updateMay 24
CISA Required Action: Apply updates per vendor instructions.

Description

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

CVEListV5microsoft/windows20 versions+19
NVDmicrosoft/windowsr2, 1803, 1903+2
NVDmicrosoft/windows_106 versions+5
CVEListV5microsoft/windows_server17 versions+16

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

7
GHSA
GHSA-jg5r-v4q8-v8jv: An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manage2022-05-24
GHSA
GHSA-6v6c-5w6v-23mc: An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting M2022-05-24
GHSA
GHSA-mgx4-mfmv-7vwr: An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manage2022-05-24
CVEList
CVE-2019-1339: An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manage2019-10-10
CVEList
CVE-2019-1315: An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manage2019-10-10

📋Vendor Advisories

2
CISA
Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability2022-03-15
Microsoft
Windows Error Reporting Manager Elevation of Privilege Vulnerability2019-10-08

🕵️Threat Intelligence

5
Tenable
ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help2022-03-24
Qualys
October 2019 Patch Tuesday – 59 vulns, 9 Critical, Azure App Service, Remote Desktop Client, PoC for Windows Error Reporting2019-10-08
Talos
Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage2019-10-08
Qualys
October 2019 Patch Tuesday - 59 vulns, 9 Critical, Azure App Service, Remote Desktop Client, PoC for Windows Error Reporting | Qualys2019-10-08
Talos
Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage2019-10-08
CVE-2019-1315 — Link Following in Microsoft Windows | cvebase