Microsoft Windows Error Reporting Elevation of Privilege Vulnerability

Summary

An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files.

Credit:

The information has been provided by Gal De Leon

The original article can be found at:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1037

 


Details

An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with administrator privileges.

Vulnerable Systems:
Microsoft Windows Server 2019

Microsoft Windows 10

CVE Information:

CVE-2019-1037

Disclosure Timeline:
Published Date:07/16/2019