CVE-2019-1388

HIGH KEV RANSOMWARE

Windows Certificate Dialog - Privilege Escalation


Exploitation Summary

CVE-2019-1388 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 7, 2023, with confirmed use in ransomware campaigns. EIP tracks 5 public exploits from researchers including jas502n, sv3nbeast, and nobodyatall648.

AI-analyzed exploit summary: This repository provides a detailed analysis and demonstration of CVE-2019-1388, a UAC bypass vulnerability affecting various Windows versions. It includes compatibility notes, screenshots, and references to external technical resources.

Description

An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.

Exploits (5)

nomisec WRITEUP 192 stars
by jas502n · poc
https://github.com/jas502n/CVE-2019-1388

This repository provides a detailed analysis and demonstration of CVE-2019-1388, a UAC bypass vulnerability affecting various Windows versions. It includes compatibility notes, screenshots, and references to external technical resources.

Classification: Writeup 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Windows (multiple versions)
Auth required
Prerequisites: Local access to the target system · User interaction to trigger the exploit
devstral-2 · analyzed Feb 18, 2026

nomisec SUSPICIOUS 73 stars
by sv3nbeast · poc
https://github.com/sv3nbeast/CVE-2019-1388

The repository contains minimal content with a vague description and a GIF demonstrating a UAC bypass. It references external links but lacks technical details or exploit code.

Classification: Suspicious 80%
Attack Type: LPE
Complexity: Moderate
Reliability: Theoretical
Target: Windows (UAC bypass)
Auth required
Prerequisites: Local access to the target system · User interaction to trigger the exploit
devstral-2 · analyzed Feb 18, 2026

nomisec WRITEUP 20 stars
by nobodyatall648 · local
https://github.com/nobodyatall648/CVE-2019-1388

This repository provides a detailed step-by-step guide on exploiting CVE-2019-1388, which abuses the UAC Windows Certificate Dialog to escalate privileges. The method involves manipulating the certificate issuer link to execute commands as NT Authority.

Classification: Writeup 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Windows UAC (User Account Control)
Auth required
Prerequisites: Access to a system with UAC enabled · Ability to trigger a UAC prompt
devstral-2 · analyzed Feb 18, 2026

nomisec STUB 6 stars
by suprise4u · poc
https://github.com/suprise4u/CVE-2019-1388

The repository contains only a minimal README with no exploit code or technical details. It appears to be a placeholder or stub with no substantive content related to CVE-2019-1388.

Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 18, 2026

nomisec STUB
by jaychouzzk · poc
https://github.com/jaychouzzk/CVE-2019-1388

The repository contains only a README.md file with a single line mentioning CVE-2019-1388, with no exploit code, technical details, or additional content.

Classification: Stub 100%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 7.8
EPSS 0.0859
EPSS Percentile 94.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2023-04-07
VulnCheck KEV 2022-03-24
InTheWild.io 2022-01-27
ENISA EUVD EUVD-2019-9945
Ransomware Use Confirmed
CWE: CWE-269
Status published
Products (17)
microsoft/windows_10_1507 (2 CPE variants)
microsoft/windows_10_1607 (2 CPE variants)
microsoft/windows_10_1709 (3 CPE variants)
microsoft/windows_10_1803 (3 CPE variants)
microsoft/windows_10_1809 (3 CPE variants)
microsoft/windows_10_1903 (3 CPE variants)
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_1903
... and 7 more
Published Nov 12, 2019
KEV Added Apr 07, 2023
Tracked Since Feb 18, 2026