CVE-2019-1069

Опубликовано: 12 июн. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Средний

Описание

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations.

Ссылки

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1069
Patch
Vendor Advisory
https://blog.0patch.com/2019/06/another-task-scheduler-0day-another.html
Exploit
Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1069
Patch
Vendor Advisory
https://www.kb.cert.org/vuls/id/119704
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_1903:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.31692

Средний

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-59

Связанные уязвимости

CVE-2019-1069

CVSS3: 7.8

msrc

около 6 лет назад

Task Scheduler Elevation of Privilege Vulnerability

GHSA-gf8w-3v8h-w6hr

CVSS3: 7.8

github

около 3 лет назад

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka 'Task Scheduler Elevation of Privilege Vulnerability'.

BDU:2019-02495

CVSS3: 7.8

fstec

около 6 лет назад

Уязвимость функции SetJobFileSecurityByName планировщика заданий Task Scheduler операционных систем Windows, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 97%

0.31692

Средний

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-59