CVE-2019-1019

HIGH

Microsoft Windows 10 - Information Disclosure

Title source: rule

Description

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges. The issue has been addressed by changing how NTLM validates network authentication messages.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Google Security Research · textlocalwindows

https://www.exploit-db.com/exploits/47115

View Code ZIP pw:eip

References (3)

[Third Party Advisory] http://packetstormsecurity.com/files/153639/Microsoft-Windows-HTTP-To-SMB-NTLM-Reflection-Privilege-Escalation.html

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1019

[Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1019

Scores

CVSS v3 8.5

EPSS 0.0279

EPSS Percentile 86.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-200

Status published

Products (18)

microsoft/windows_10

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_10 1903

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

... and 8 more

Published Jun 12, 2019

Tracked Since Feb 18, 2026