An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.
To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability and delete protected files on an affected system once MpSigStub.exe ran again.
The update addresses the vulnerability and blocks the arbitrary deletion.
References
Link | Resource |
---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
29 May 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability and delete protected files on an affected system once MpSigStub.exe ran again. The update addresses the vulnerability and blocks the arbitrary deletion. |
09 Sep 2021, 13:33
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:microsoft:system_center_endpoint_protection_2012:-:*:*:*:*:*:*:* |
cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:-:*:*:*:*:*:* cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:r2:*:*:*:*:*:* |
Information
Published : 2019-08-14 21:15
Updated : 2024-05-29 17:16
NVD link : CVE-2019-1161
Mitre link : CVE-2019-1161
CVE.ORG link : CVE-2019-1161
JSON object : View
Products Affected
microsoft
- windows_server_2008
- windows_server_2016
- security_essentials
- windows_7
- windows_defender
- windows_10
- forefront_endpoint_protection_2010
- system_center_endpoint_protection
- windows_8.1
- windows_rt_8.1
- windows_server_2012
CWE