Vulnerability Description
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges. The issue has been addressed by changing how NTLM validates network authentication messages.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 10 | - |
| Microsoft | Windows 7 | - |
| Microsoft | Windows 8.1 | - |
| Microsoft | Windows Rt 8.1 | - |
| Microsoft | Windows Server 2008 | - |
| Microsoft | Windows Server 2012 | - |
| Microsoft | Windows Server 2016 | - |
| Microsoft | Windows Server 2019 | - |
Related Weaknesses (CWE)
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1019
- http://packetstormsecurity.com/files/153639/Microsoft-Windows-HTTP-To-SMB-NTLM-RThird Party Advisory
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1019PatchVendor Advisory
FAQ
What is CVE-2019-1019?
CVE-2019-1019 is a vulnerability with a CVSS score of 8.5 (HIGH). A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted a...
How severe is CVE-2019-1019?
CVE-2019-1019 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1019?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 10, Microsoft Windows 7, Microsoft Windows 8.1, Microsoft Windows Rt 8.1, Microsoft Windows Server 2008.