CVE-2019-1065

Published: Jun 12, 2019Modified: May 20, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD (Secondary)

Description

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.

Affected (6)

Products: Microsoft: Windows 10, Windows Server 2016, Windows Server 2019

3 products

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 10	Version 1803
Microsoft Windows 10	Version 1809
Microsoft Windows 10	Version 1903
Microsoft Windows Server 2016	Version 1803
Microsoft Windows Server 2016	Version 1903
Microsoft Windows Server 2019	All versions

Related CWEs

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

References (3)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1065

Source: secure@microsoft.com

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1065

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-19-571/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.