CVE-2019-1074

An elevation of privilege vulnerability exists in Microsoft Windows where certain folders, with local service privilege, are vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could potentially access unauthorized information. The update addresses this vulnerability by not allowing symbolic links in these scenarios., aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1082.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:35

Type Values Removed Values Added
References () https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1074 - Patch, Vendor Advisory () https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1074 - Patch, Vendor Advisory

Information

Published : 2019-07-15 19:15

Updated : 2024-11-21 04:35


NVD link : CVE-2019-1074

Mitre link : CVE-2019-1074

CVE.ORG link : CVE-2019-1074


JSON object : View

Products Affected

microsoft

  • windows_server_2019
  • windows_10
  • windows_server_2016
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')