Vulnerabilities > CVE-2019-1161 - Unspecified vulnerability in Microsoft products

CVSS 6.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

microsoft

nessus

NVD

Published: 2019-08-14

Updated: 2021-09-09

Summary

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Windows Defender - Microsoft Forefront Endpoint Protection 2010 - Microsoft Security Essentials - Microsoft System Center Endpoint Protection * Microsoft System Center Endpoint Protection 2012	6
OS	Microsoft Microsoft Windows Server 2008 R2 Microsoft Windows Server 2008 - Microsoft Windows 7 - Microsoft Windows RT 8.1 - Microsoft Windows 10 - Microsoft Windows 10 1607 Microsoft Windows 10 1703 Microsoft Windows 10 1709 Microsoft Windows Server 2012 - Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 - Microsoft Windows 8.1 -	13

Nessus

NASL family	Windows
NASL id	MICROSOFT_DEFENDER_MPSIGSTUB_1_1_16200_1.NASL
description	The version of Microsoft Malware Protection Signature Update Stub (MpSigStub.exe) installed on the remote Windows host is prior to 1.1.16200.1. It is, therefore, affected by a elevation of privilege vulnerability which could allow an attacker who successfully exploited this vulnerability to elevate privileges on the system.
last seen	2020-06-01
modified	2020-06-02
plugin id	127910
published	2019-08-16
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127910
title	Microsoft Defender Elevation of Privilege Vulnerability (CVE-2019-1161)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(127910); script_version("1.3"); script_cvs_date("Date: 2019/10/17 14:31:05"); script_cve_id("CVE-2019-1161"); script_xref(name:"IAVA", value:"2019-A-0294"); script_name(english:"Microsoft Defender Elevation of Privilege Vulnerability (CVE-2019-1161)"); script_summary(english:"Checks the MpSigStub.exe version."); script_set_attribute(attribute:"synopsis", value: "An antimalware application installed on the remote host is affected by an elevation of privilege vulnerability."); script_set_attribute(attribute:"description", value: "The version of Microsoft Malware Protection Signature Update Stub (MpSigStub.exe) installed on the remote Windows host is prior to 1.1.16200.1. It is, therefore, affected by a elevation of privilege vulnerability which could allow an attacker who successfully exploited this vulnerability to elevate privileges on the system."); # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3b8b2fb0"); script_set_attribute(attribute:"solution", value: "Enable automatic updates to update the scan engine for the relevant antimalware applications. Refer to Knowledge Base Article 2510781 for information on how to verify that MMPE has been updated."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1161"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/13"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:windows_defender"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("smb_hotfixes.nasl"); script_require_keys("SMB/Registry/Enumerated"); script_require_ports(139, 445); exit(0); } include("audit.inc"); include("smb_func.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("misc_func.inc"); app = 'Microsoft Malware Protection Signature Update Stub'; winroot = NULL; mpsigstub_path = NULL; version = NULL; fix = "1.1.16200.1"; get_kb_item_or_exit("SMB/Registry/Enumerated"); winroot = hotfix_get_systemroot(); if (!winroot) exit(1, "Failed to get the system root."); mpsigstub_path = winroot + "\System32\MpSigStub.exe"; ver = hotfix_get_fversion(path:mpsigstub_path); if (ver['error'] != HCF_OK) audit(AUDIT_NOT_DETECT, app); version = join(ver['value'], sep:'.'); if (ver_compare(ver:version, fix:fix) < 0) { report = '\n Product : ' + app; report += '\n Path : ' + mpsigstub_path; report += '\n Installed version : ' + version; report += '\n Fixed version : ' + fix; report += '\n'; security_report_v4(port:0, extra:report, severity:SECURITY_WARNING); } else audit(AUDIT_INST_VER_NOT_VULN, app, version);

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161