CVE-2019-1384
CRITICALMicrosoft Windows - Privilege Escalation
Title source: llmDescription
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'.
Scores
CVSS v3
9.9
EPSS
0.0266
EPSS Percentile
85.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Classification
CWE
CWE-522
Status
published
Affected Products (18)
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2012
microsoft/windows_server_2012
microsoft/windows_server_2016
... and 3 more
Timeline
Published
Nov 12, 2019
Tracked Since
Feb 18, 2026