CVE-2019-1161: Microsoft Defender Elevation of Privilege Vulnerability
First published: Wed Aug 14 2019(Updated: )
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability and delete protected files on an affected system once MpSigStub.exe ran again. The update addresses the vulnerability and blocks the arbitrary deletion.
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Defender | ||
| Windows 10 | ||
| Windows 10 | =1607 | |
| Windows 10 | =1703 | |
| Windows 10 | =1709 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Forefront Endpoint Protection 2010 | ||
| Microsoft Security Essentials | ||
| Microsoft System Center Endpoint Protection | ||
| Microsoft System Center Endpoint Protection | =2012 | |
| Microsoft System Center Endpoint Protection | =2012-r2 | |
| All of | ||
| Any of | ||
| Windows 10 | ||
| Windows 10 | =1607 | |
| Windows 10 | =1703 | |
| Windows 10 | =1709 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Defender |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-1161?
CVE-2019-1161 is an elevation of privilege vulnerability in Microsoft Defender.
How does CVE-2019-1161 affect Windows Defender?
CVE-2019-1161 allows attackers to delete files in arbitrary locations using the MpSigStub.exe component of Windows Defender.
Who can exploit CVE-2019-1161?
To exploit CVE-2019-1161, an attacker would first need to log on to the system.
What is the severity of CVE-2019-1161?
CVE-2019-1161 is classified as a high severity vulnerability with a severity value of 7.1.
Where can I find more information about CVE-2019-1161?
More information about CVE-2019-1161 can be found at the following reference: [CVE-2019-1161](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161)
- agent/type
- agent/remedy
- agent/severity
- agent/references
- agent/title
- agent/first-publish-date
- agent/event
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/microsoft
- canonical/microsoft defender
- canonical/windows 10
- version/windows 10/1607
- version/windows 10/1703
- version/windows 10/1709
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows
- canonical/microsoft windows rt
- canonical/microsoft windows server
- version/microsoft windows server/sp2
- version/microsoft windows server/r2-sp1
- version/microsoft windows server/r2
- canonical/microsoft windows server 2016
- canonical/microsoft forefront endpoint protection 2010
- canonical/microsoft security essentials
- canonical/microsoft system center endpoint protection
- version/microsoft system center endpoint protection/2012
- version/microsoft system center endpoint protection/2012-r2