CVE-2019-1174

low-risk
Published 2019-08-14

An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the PsmServiceExtHost.dll properly handles objects in memory.

Do I need to act?

-
0.15% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.0/10 High
LOCAL / HIGH complexity

Affected Products (4)

Affected Vendors

Microsoft

References (2)

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1174
Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1174
29
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 10/34 · Low