← back
CVE-2019-0543

CVE-2019-0543

CVSS 7.8 HIGHEPSS 4.7%● KEVCWE-287
In short

Windows has a flaw in how it checks who you are when you request access to protected resources, allowing an attacker with basic user permissions to gain admin-level control of the system.

Technical detail

An authentication bypass vulnerability in Windows allows local attackers with standard user privileges to escalate to SYSTEM or administrator context through improper validation of authentication requests. The vulnerability requires local access as a prerequisite and enables full system compromise.

Summary generated and translated by AI from the official description.
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/46156/unverifiedexploitdbwww.exploit-db.com/exploits/46156unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0543https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0543https://www.exploit-db.com/exploits/46156/http://www.securityfocus.com/bid/106408