CVE-2019-1065
HIGHWindows 10 and Windows Server 2016/2019 - Elevation of Privilege via Kernel Memory Handling
Title source: llmDescription
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
References (3)
Core 3
Core References
Patch, Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1065
Third Party Advisory, VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-19-571/
Vendor Advisory vendor-advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1065
Scores
CVSS v3
7.8
EPSS
0.0117
EPSS Percentile
63.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-367
Status
published
Products (6)
microsoft/windows_10
1803
microsoft/windows_10
1809
microsoft/windows_10
1903
microsoft/windows_server_2016
1803
microsoft/windows_server_2016
1903
microsoft/windows_server_2019
Published
Jun 12, 2019
Tracked Since
Feb 18, 2026