New Search

Windows Error Reporting Elevation of Privilege Vulnerability - CVE-2019-0863

oval:org.cisecurity:def:6412

An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view change or delete data; or create new accounts with administrator privileges. To exploit the vulnerability an attacker must first gain unprivileged execution on a victim system. The security update addresses the vulnerability by correcting the way WER handles files.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows 10
  • Microsoft Windows 7
  • Microsoft Windows Server 2016
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2019
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2012
Class:
vulnerability
Reference(s):
  • CVE-2019-0863
  • MSRC-CVE-2019-0863
  • KB4499175
  • KB4499158
  • KB4499165
  • KB4499154
  • KB4494440
  • KB4499181
  • KB4499179
  • KB4499167
  • KB4494441
  • KB4497936
Product(s):