⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2023-04-28.

CVE-2019-1388 — Improper Privilege Management in Microsoft Windows

CWE-269 — Improper Privilege Management11 documents10 sources

Severity

7.8HIGHNVD

EPSS

8.8%

top 7.48%

CISA KEV

KEVRansomware

Added 2023-04-07

Due 2023-04-28

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows Microsoft Windows 10 Version 1903 FOR 32-bit Systems Microsoft Windows 10 Version 1903 FOR Arm64-based Systems +5 more

Timeline

PublishedNov 12

KEV addedApr 7

KEV dueApr 28

CISA Required Action: Apply updates per vendor instructions.

Description

An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5microsoft/windows18 versions+17

▶NVDmicrosoft/windowsr2, 1803+1

▶CVEListV5microsoft/windows_server17 versions+16

▶CVEListV5microsoft/windows_10_version_1903_for_32-bit_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1903_for_x64-based_systemsunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-ggj9-3wxw-7pj6: An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certi↗2022-05-24

▶

CVEList

CVE-2019-1388: An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certi↗2019-11-12

▶

VulnCheck

Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability↗2019

▶

📋Vendor Advisories

CISA

Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability↗2023-04-07

▶

Microsoft

Windows Certificate Dialog Elevation of Privilege Vulnerability↗2019-11-12

▶

🕵️Threat Intelligence

Tenable

ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help↗2022-03-24

▶

Talos

Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage↗2019-11-12

▶

Talos

Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage↗2019-11-12

▶

Crowdstrike

Press #1 to Play: A Look Into eCrime Menu-style Toolkits↗

▶

📄Research Papers

CTF

AdventOfCyber / README↗

▶