Published: 16/05/2019 Updated: 20/05/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A vulnerability in the Windows Error Reporting (WER) component of Microsoft Windows could allow a local malicious user to execute arbitrary code on a targeted system. The vulnerability exists because the affected software improperly handles files. An attacker could exploit the vulnerability by accessing the system and executing an application that submits malicious input to the affected software. A successful exploit could allow the malicious user to execute arbitrary code with Administrator privileges and completely compromise the system. Microsoft confirmed the vulnerability and released software updates.

Vulnerability Trend

Recent Articles

Microsoft Patch Tuesday – May 2019
Symantec Threat Intelligence Blog • Ratheesh PM • 15 May 2019

This month the vendor has patched 79 vulnerabilities, 22 of which are rated Critical.

Posted: 15 May, 201924 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – May 2019This month the vendor has patched 79 vulnerabilities, 22 of which are rated Critical.As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintai...

Microsoft emits free remote-desktop security patches for WinXP to Server 2008 to avoid another WannaCry
The Register • Iain Thomson in San Francisco • 15 May 2019

Plus plenty of other fixes from Redmond and Adobe – and special guest star Citrix

Patch Tuesday It’s that time of the month again, and Microsoft has released a bumper bundle of security fixes for Patch Tuesday, including one for out-of-support operating systems Windows XP and Server 2003.
Usually support for such aging operating systems costs an arm and a leg, though Redmond has released a freebie because of the serious nature of the critical flaw, assigned CVE-2019-0708, in Remote Desktop Services, or Terminal Services as it was. The vulnerability allows remote code ...

Microsoft Patches Zero-Day Bug Under Active Attack
Threatpost • Tom Spring • 14 May 2019

Microsoft has released a patch for an elevation-of-privileges vulnerability rated important, which is being exploited in the wild.
The bug fix is part of Microsoft’s May Patch Tuesday Security Bulletin. It’s tied to the Windows Error Reporting feature and is being abused by attackers who have gained local access to affected PCs. They are able to trigger arbitrary code-execution in kernel mode — resulting in a complete system compromise.
“They would need to first gain access t...