What is the severity of CVE-2019-1365?

CVE-2019-1365 is classified as an elevation of privilege vulnerability with a critical severity level.

How do I fix CVE-2019-1365?

To mitigate CVE-2019-1365, apply the latest security updates provided by Microsoft for the affected versions of Windows.

Which versions of Windows are affected by CVE-2019-1365?

CVE-2019-1365 affects multiple versions of Windows, including Windows 7, 8.1, 10, and several Server editions.

What can an attacker do if they exploit CVE-2019-1365?

An attacker who successfully exploits CVE-2019-1365 can execute arbitrary code with elevated privileges on the affected system.

Is CVE-2019-1365 easy to exploit?

Exploitation of CVE-2019-1365 may require specific conditions, making it potentially challenging for an attacker without appropriate access.

Vulnerability/
CVE-2019-1365

critical

9.9

10/10/2019

4/8/2024

CVE-2019-1365

First published: Thu Oct 10 2019(Updated: )

An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\system escaping the Sandbox.The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests., aka 'Microsoft IIS Server Elevation of Privilege Vulnerability'.

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Windows 10	=1607
Microsoft Windows 10	=1803
Microsoft Windows 10	=1809
Microsoft Windows 10	=1903
Microsoft Windows 7	=sp1
Microsoft Windows 8.1
Microsoft Windows RT
Microsoft Windows Server	=sp2
Microsoft Windows Server	=r2-sp1
Microsoft Windows Server	=r2-sp1
Microsoft Windows Server
Microsoft Windows Server	=r2
Microsoft Windows Server 2016
Microsoft Windows Server 2016	=1803
Microsoft Windows Server 2016	=1903
Microsoft Windows Server 2019

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1365

Never miss a vulnerability like this again

Reference Links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1365

Frequently Asked Questions

What is the severity of CVE-2019-1365?
CVE-2019-1365 is classified as an elevation of privilege vulnerability with a critical severity level.
How do I fix CVE-2019-1365?
To mitigate CVE-2019-1365, apply the latest security updates provided by Microsoft for the affected versions of Windows.
Which versions of Windows are affected by CVE-2019-1365?
CVE-2019-1365 affects multiple versions of Windows, including Windows 7, 8.1, 10, and several Server editions.
What can an attacker do if they exploit CVE-2019-1365?
An attacker who successfully exploits CVE-2019-1365 can execute arbitrary code with elevated privileges on the affected system.
Is CVE-2019-1365 easy to exploit?
Exploitation of CVE-2019-1365 may require specific conditions, making it potentially challenging for an attacker without appropriate access.

agent/type
agent/remedy
agent/severity
agent/references
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/microsoft
canonical/microsoft windows 10
version/microsoft windows 10/1607
version/microsoft windows 10/1803
version/microsoft windows 10/1809
version/microsoft windows 10/1903
canonical/microsoft windows 7
version/microsoft windows 7/sp1
canonical/microsoft windows 8.1
canonical/microsoft windows rt
canonical/microsoft windows server
version/microsoft windows server/sp2
version/microsoft windows server/r2-sp1
version/microsoft windows server/r2
canonical/microsoft windows server 2016
version/microsoft windows server 2016/1803
version/microsoft windows server 2016/1903
canonical/microsoft windows server 2019