CVE-2019-1019

HIGH

Windows - Security Feature Bypass via NETLOGON Message Session Key Exposure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-1019. PoCs published by Google Security Research.

AI-analyzed exploit summary: The writeup details a sandbox escape exploit combining NTLM reflection and an EFSRPC path check bypass to achieve local privilege escalation. It leverages Chromium's sandboxed process to relay NTLM authentication and exploit insufficient path validation in EFSRPC to copy a payload to the Startup folder.

Description

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges. The issue has been addressed by changing how NTLM validates network authentication messages.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Google Security Research · text · local · windows
https://www.exploit-db.com/exploits/47115

Classification: Writeup 90%
Attack Type: LPE
Complexity: Complex
Reliability: Theoretical
Target: Microsoft Windows 10.0.17134.648 with Chromium-based browsers
No auth needed
Prerequisites: Sandboxed process with TCP socket access · Chromium-based browser · EFSRPC or lsass named pipe accessibility
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 8.5
EPSS 0.1384
EPSS Percentile 96.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE: CWE-200
Status published
Products (18)
microsoft/windows_10
microsoft/windows_10 1607
microsoft/windows_10 1703
microsoft/windows_10 1709
microsoft/windows_10 1803
microsoft/windows_10 1809
microsoft/windows_10 1903
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
... and 8 more
Published Jun 12, 2019
Tracked Since Feb 18, 2026