CVE-2019-1175

Description

An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the psmsrv.dll properly handles objects in memory.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Physical

Changed

Affected products

Microsoft / Windows 101709 – 1709
Microsoft / Windows 101903 – 1903
Microsoft / windows_10_1803
Microsoft / windows_10_1803
Microsoft / windows_10_1809
Microsoft / windows_10_1809
Microsoft / windows_10_1809
Microsoft / windows_server_1803
Microsoft / windows_server_1903
Microsoft / Windows Server 2019

References

VENDOR_ADVISORYhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1175