CVE-2019-1019

high-risk

Published 2019-06-12

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges. The issue has been addressed by changing how NTLM validates network authentication messages.

Do I need to act?

2.8% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

47115

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.5/10 High

NETWORK / HIGH complexity

Affected Products (19)

Windows 10

Windows 7

Windows 8.1

Windows Rt 8.1

Windows Server 2008

Windows Server 2012

Windows Server 2016

Windows Server 2019

Affected Vendors

Microsoft

References (3)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1019

Third Party Advisory http://packetstormsecurity.com/files/153639/Microsoft-Windows-HTTP-To-SMB-NTLM-R...

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1019

/ 100

high-risk

Severity 25/34 · High

Exploitability 13/34 · Low

Exposure 19/34 · Moderate