CVE-2019-0543
CVE-2019-0543
Vexday Risk Score
71High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8EPSS 4.7%KEV simPoC públicaNuclei —Metasploit —Patch —
Lifecycle
08 Jan 2019Published on NVD
14 Jan 2019Public PoC
15 Mar 2022Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
Windows has a flaw in how it checks who you are when you request access to protected resources, allowing an attacker with basic user permissions to gain admin-level control of the system.
Technical detail
An authentication bypass vulnerability in Windows allows local attackers with standard user privileges to escalate to SYSTEM or administrator context through improper validation of authentication requests. The vulnerability requires local access as a prerequisite and enables full system compromise.
Summary generated and translated by AI from the official description.
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/46156/unverifiedexploitdbwww.exploit-db.com/exploits/46156unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →