CVE-2019-1315
published 2019-10-10
CVE-2019-1315: An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager…
Priority P184 · high · 7.8 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
KEV · ITW · Ransomware
CISA Known Exploited Vulnerability · due 2022-04-05
Exploited in the wild
EPSS: 3.48% (87.6th percentile)
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.
Affected
66 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
Detection & IOCs (extracted from sources)
- Exploitation requires an attacker to first log on to the system, then run a specially crafted application that abuses Windows Error Reporting manager's improper handling of hard links to overwrite arbitrary files for privilege escalation.
- PoC code has been publicly published for this Windows Error Reporting Manager privilege escalation vulnerability; prioritize detection of local exploitation attempts on Windows endpoints.
- The vulnerability is exploited via hard link abuse in Windows Error Reporting Manager; monitor for suspicious hard link creation targeting system files, particularly in the context of WER processes.
- Microsoft's exploit status assessment rates exploitation as 'Less Likely' for both latest and older software releases, despite public disclosure of PoC code.
CVSS provenance
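| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |
| vendor_msrc | — | 7.8 | HIGH | — |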
GHSA
GHSA-jg5r-v4q8-v8jv: An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manage
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2019-1315 [HIGH] CWE-59 GHSA-jg5r-v4q8-v8jv: An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manage
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.
GHSA
GHSA-6v6c-5w6v-23mc: An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting M
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2019-1342 [HIGH] CWE-755 GHSA-6v6c-5w6v-23mc: An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting M
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339.
GHSA
GHSA-mgx4-mfmv-7vwr: An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manage
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2019-1339 [HIGH] CWE-59 GHSA-mgx4-mfmv-7vwr: An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manage
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342.
VulnCheck
Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability
vulncheck·2019·CVSS 7.8
CVE-2019-1315 [HIGH] CWE-59 Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.
Affected: Microsoft Windows
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.tenable.com/blog/contileaks-chats-reveal-over-30-vulnerabilities-used-by-conti-ransomware-affiliates; https://www.securin.io/articles/all-about-conti-ransomware/
Remediation Due: 2022-04-05
CISA
Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability
cisa·2022-03-15·CVSS 7.8
CVE-2019-1315 [HIGH] CWE-59 Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability
Vulnerability: Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability
Affected: Microsoft Windows
A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-1315
Remediation Due Date: 2022-04-05
Microsoft
Windows Error Reporting Manager Elevation of Privilege Vulnerability
vendor_msrc·2019-10-08·CVSS 7.8
CVE-2019-1315 [HIGH] Windows Error Reporting Manager Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The security update addresses the vulnerability by correcting how Windows Error Reporting manager handles hard links.
Microsoft Windows: Microsoft Windows
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Pu
No detection rules found.
No public exploits indexed.
Tenable
ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help
blogs_tenable·2022-03-24
Qualys
October 2019 Patch Tuesday – 59 vulns, 9 Critical, Azure App Service, Remote Desktop Client, PoC for Windows Error Reporting
blogs_qualys·2019-10-08·CVSS 7.8
[HIGH] October 2019 Patch Tuesday – 59 vulns, 9 Critical, Azure App Service, Remote Desktop Client, PoC for Windows Error Reporting
This month’s Microsoft Patch Tuesday addresses 59 vulnerabilities with only 9 of them labeled as Critical. Of the 9 Critical vulns, 7 of them are for browsers and scripting engines. The remaining 2 are for Azure App Service and Remote Desktop Client. In addition, PoC code has been published for an Important Windows Error Reporting vulnerability. Adobe has not posted any patches for Patch Tuesday, but did issue out-of-band patches for ColdFusion on September 24th.
## Workstation Patches
Scripting Engine, Browser, and MSXML patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.
## Azure App Service RCE
A Remote Code Execution
Talos
Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-10-08·CVSS 6.4
[MEDIUM] Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday discloses 60 vulnerabilities, nine of which are considered "critical," with the rest being deemed "important."
This month’s security update covers security issues in a variety of Microsoft services and software, the Chakra Scripting Engine, the Windows operating system and the SharePoint software.
Talos also released a new set of SNORT® rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here.
### Critical vulnerabilities
Microsoft disclosed nine critical vulnerabilities this month, eight of which we will highlight below.
CVE-2019-1333 is a client-side remote execution vulne
2019-10-10 · Published
2022-03-15 · Added to CISA KEV
Exploited in the wild