CVE-2019-1019 HIGH

CVE-2019-1019: Microsoft Windows Security Feature Bypass Vulnerability

Vendor Microsoft
Product Windows 10 Version 1703
Published June 12, 2019
Last update May 20, 2025

CVSS base score

8.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

What the vulnerability does

01Description

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges. The issue has been addressed by changing how NTLM validates network authentication messages.

Key dates

02Disclosure timeline

June 12, 2019 CVE published
May 20, 2025 Record updated