CVE-2019-0943

HIGH

Windows - Privilege Escalation

Title source: llm

Description

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to ALPC.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/47029

View Code ZIP pw:eip

References (2)

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0943

[Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-0943

Scores

CVSS v3 7.8

EPSS 0.0445

EPSS Percentile 89.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (17)

microsoft/windows_10

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_10 1903

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

... and 7 more

Published Jun 12, 2019

Tracked Since Feb 18, 2026