Microsoft Windows up to Server 2019 Core Shell COM Server Registrar COM Call access control

Summaryinfo

A vulnerability, which was classified as critical, was found in Microsoft Windows up to Server 2019. This issue affects some unknown processing of the component Core Shell COM Server Registrar. Such manipulation as part of COM Call leads to access control. This vulnerability is documented as CVE-2019-1184. The attack can be executed remotely. Additionally, an exploit exists. A patch should be applied to remediate this issue.

Detailsinfo

A vulnerability was found in Microsoft Windows up to Server 2019 (Operating System) and classified as critical. Affected by this issue is some unknown functionality of the component Core Shell COM Server Registrar. The manipulation as part of a COM Call leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-264. Impacted is confidentiality, integrity, and availability. CVE summarizes:

An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting unprotected COM calls.

The weakness was released 08/13/2019 as confirmed security update guide (Website). The advisory is available at portal.msrc.microsoft.com. The public release was coordinated with the vendor. This vulnerability is handled as CVE-2019-1184. The attack may be launched remotely. A simple authentication is required for exploitation. Successful exploitation requires user interaction by the victim. Technical details are unknown but a public exploit is available. This vulnerability is assigned to T1068 by the MITRE ATT&CK project. The advisory points out:

An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions.

A public exploit has been developed by Axel Souchet (0vercl0k) in C++ and been published 5 months after the advisory. The exploit is available at github.com. It is declared as proof-of-concept. As 0-day the estimated underground price was around $25k-$100k.

Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at Exploit-DB (47880). Entries connected to this vulnerability are available at VDB-139950, VDB-139949, VDB-139948 and VDB-139947. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Operating System

Vendor

• Microsoft

Name

• Windows

Version

• 10 1803
• 10 1809
• 10 1903
• Server 1803
• Server 1903
• Server 2019

License

• commercial

Website

• Vendor: https://www.microsoft.com/
• Product: https://www.microsoft.com/en-us/windows

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion