CVE-2019-1409 — Improper Initialization in Microsoft Windows

CWE-665 — Improper Initialization10 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.7%

top 28.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Microsoft Windows 10 Version 1903 FOR 32-bit Systems Microsoft Windows 10 Version 1903 FOR Arm64-based Systems +6 more

Timeline

PublishedNov 12

Latest updateMay 24

Description

An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory, aka 'Windows Remote Procedure Call Information Disclosure Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

▶CVEListV5microsoft/windows18 versions+17

▶NVDmicrosoft/windowsr2, 1803, 1903+2

▶NVDmicrosoft/windows_105 versions+4

▶CVEListV5microsoft/windows_server17 versions+16

▶CVEListV5microsoft/windows_10_version_1903_for_32-bit_systemsunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-j24h-fjfc-58fr: An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory, aka 'Win↗2022-05-24

▶

CVEList

CVE-2019-1409: An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory, aka 'Win↗2019-11-12

▶

📋Vendor Advisories

Microsoft

Windows Remote Procedure Call Information Disclosure Vulnerability↗2019-11-12

▶

🕵️Threat Intelligence

Krebs

Microsoft Patch Tuesday, January 2021 Edition↗2021-01-13

▶

Krebs

Microsoft Patch Tuesday, January 2021 Edition↗2021-01-12

▶

Talos

Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage↗2019-11-12

▶

Talos

Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage↗2019-11-12

▶

💬Community

Bugzilla

CVE-2019-1010262 scapy: denial of service in _RADIUSAttrPacketListField↗2019-08-01

▶

Bugzilla

CVE-2019-1010142 scapy: lack of input validation in port numbers leads to DoS↗2019-07-23

▶