Microsoft Windows 8.1 Remote Code Execution Vulnerability

Summary

An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an attacker to be validated as an Administrator.The update addresses this vulnerability by changing how these requests are validated., aka ‘Windows Elevation of Privilege Vulnerability’.

Credit:

The information has been provided by Isaac Boukris
The original article can be found at: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0734


Details

Microsoft Windows is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Vulnerable Systems:

  • Microsoft Windows 10
  • Microsoft Windows 10 1607
  • Microsoft Windows 10 1703
  • Microsoft Windows 10 1709
  • Microsoft Windows 10 1803
  • Microsoft Windows 10 1809
  • Microsoft Windows 10 1903
  • Microsoft Windows 7
  • Microsoft Windows 8.1
  • Microsoft Windows Rt 8.1
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2016 1709
  • Microsoft Windows Server 2016 1803
  • Microsoft Windows Server 2019

CVE Information:
CVE-2019-0734

Disclosure Timeline:
Publish Date:05/16/2019