Published: 11/09/2019 Updated: 24/08/2020

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 642

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows 10 1703
microsoft windows 10 1803
microsoft windows server 2008 r2
microsoft windows server 2012 -
microsoft windows 10 -
microsoft windows 10 1607
microsoft windows server 2016 -
microsoft windows server 2016 1803
microsoft windows server 2016 1903
microsoft windows server 2019 -
microsoft windows 10 1903
microsoft windows 7 -
microsoft windows 8.1 -
microsoft windows rt 8.1 -
microsoft windows server 2008 -
microsoft windows 10 1709
microsoft windows 10 1809
microsoft windows server 2012 r2

CVE-20190-1215 ws2ifslsys UAF exploit for Windows 10 19H1 x64 This exploit uses the recently patched use after free vulnerability CVE-2019-1215 in ws2ifslsys to achieve local privilege escalation The exploit targets Windows 10 19H1 (1901) x64 and demonstrates how to bypass kASLR, kCFG and SMEP When executing the exploit with medium integrity privileges, successful exploitat

Microsoft Patch Tuesday – September 2019

Symantec Threat Intelligence Blog • Preethi Koroth • 11 Sep 2024

This month the vendor has patched 79 vulnerabilities, 18 of which are rated Critical.

Posted: 11 Sep, 201923 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – September 2019This month the vendor has patched 79 vulnerabilities, 18 of which are rated Critical.This month the vendor has patched 79 vulnerabilities, 18 of which are rated Critical. As always, customers are advised to follow these security best practices: Install vendor patches as soon as they are available. Run all...

The Register • Shaun Nichols in San Francisco • 10 Sep 2019

Microsoft joins Adobe and SAP in cleaning up security bugs, two of which are under active attack Exim marks the spot… of remote code execution: Patch due out today for 'give me root' flaw in mail server

Patch Tuesday Microsoft, Adobe, and SAP today delivered a load of security updates for this month's Patch Tuesday. It will be a busy day for admins and users of Windows PCs and servers, as Microsoft has released updates for a total of 80 CVE-listed bugs. Among the more serious issues addressed this month are CVE-2019-1215 and CVE-2019-1214, a pair of elevation-of-privilege vulnerabilities that have been under active attack in the wild. In both cases, experts say, miscreants are going after older...

CVE-2019-1215

Vulnerability Summary

Vulnerability Trend

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect