Published: 11/09/2019 Updated: 12/09/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Windows could allow a local authenticated malicious user to gain elevated privileges on the system, caused by improper handling of objects in memory by the Common Log File System (CLFS) driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

Vulnerability Trend

Recent Articles

Microsoft Patch Tuesday – September 2019
Symantec Threat Intelligence Blog • Preethi Koroth • 11 Sep 2020

This month the vendor has patched 79 vulnerabilities, 18 of which are rated Critical.

Posted: 11 Sep, 201923 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – September 2019This month the vendor has patched 79 vulnerabilities, 18 of which are rated Critical.This month the vendor has patched 79 vulnerabilities, 18 of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as s...

It's 2019, and Windows PCs can be pwned via a shortcut file, a webpage, an evil RDP server...
The Register • Shaun Nichols in San Francisco • 10 Sep 2019

Microsoft joins Adobe and SAP in cleaning up security bugs, two of which are under active attack

Patch Tuesday Microsoft, Adobe, and SAP today delivered a load of security updates for this month's Patch Tuesday.
It will be a busy day for admins and users of Windows PCs and servers, as Microsoft has released updates for a total of 80 CVE-listed bugs.
Among the more serious issues addressed this month are CVE-2019-1215 and CVE-2019-1214, a pair of elevation-of-privilege vulnerabilities that have been under active attack in the wild.
In both cases, experts say, miscreants are...

Microsoft Addresses Two Zero-Days Under Active Attack
Threatpost • Tara Seals • 10 Sep 2019

Two elevation-of-privilege vulnerabilities that have been exploited in the wild as zero-days are at the heart of September’s Patch Tuesday update from Microsoft.
The two EoP vulnerabilities under active attack consist of CVE-2019-1214, which exists in the Windows Common Log File System (CLFS) Driver; and CVE-2019-1215, which impacts the Winsock IFS Driver (ws2ifsl.sys).
“Both flaws exist due to improper handling of objects in memory by the respective drivers,” said Satnam Naran...

Microsoft's September 2019 Patch Tuesday Fixes 79 Vulnerabilities
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Today is Microsoft's September 2019 Patch Tuesday, which means your Windows administrators are going to be up to their elbows in problems. So be nice to them!
With the release of the September 2019 security updates, Microsoft has released 2 advisories and updates for 79 vulnerabilities. Of these vulnerabilities, 17 are classified as Critical. 
All users should install these security updates as soon as possible to protect Windows from security risks.
For information about...