Windows Information Disclosure Vulnerability - CVE-2019-1172

oval:org.cisecurity:def:6501

An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account. To exploit the vulnerability, an attacker would have to trick a user into browsing to a specially crafted website, allowing the attacker to steal the user's token. The security update addresses the vulnerability by correcting how MSA handles cookies.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2016
  • Microsoft Windows 10
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2019
Class:
vulnerability
Reference(s):
  • CVE-2019-1172
  • MSRC-CVE-2019-1172
  • KB4512489
  • KB4512497
  • KB4512517
  • KB4512507
  • KB4512516
  • KB4512501
  • KB4511553
  • KB4512508
Product(s):