cnvd - cnvd-2019-34580

cnvd-2019-34580

Vulnerability from cnvd

Title: 多款Microsoft产品权限许可和访问控制问题漏洞

Description:

Microsoft Forefront Endpoint Protection等都是美国微软（Microsoft）公司的产品。Microsoft Forefront Endpoint Protection是一套端点安全防护软件。Microsoft Security Essentials是一套免费的杀毒软件。Microsoft Windows Defender是一套Windows系统附带的防病毒软件。

多款Microsoft产品中存在权限许可和访问控制问题漏洞，该漏洞源于用于Defender的MpSigStub.exe文件允许删除任意地址中的文件，攻击者可通过登录到系统并运行特制的命令利用该漏洞删除被保护的文件。

Severity: 中

Patch Name: 多款Microsoft产品权限许可和访问控制问题漏洞的补丁

Patch Description:

多款Microsoft产品中存在权限许可和访问控制问题漏洞，该漏洞源于用于Defender的MpSigStub.exe文件允许删除任意地址中的文件，攻击者可通过登录到系统并运行特制的命令利用该漏洞删除被保护的文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161

Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-1161

Impacted products

Name
['Microsoft Forefront Endpoint Protection 2010', 'Microsoft Security Essentials', 'Microsoft Windows Defender', 'Microsoft System Center Endpoint Protection', 'Microsoft System Center 2012 R2 Endpoint Protection', 'Microsoft System Center 2012 Endpoint Protection']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-1161",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-1161"
    }
  },
  "description": "Microsoft Forefront Endpoint Protection\u7b49\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Microsoft Forefront Endpoint Protection\u662f\u4e00\u5957\u7aef\u70b9\u5b89\u5168\u9632\u62a4\u8f6f\u4ef6\u3002Microsoft Security Essentials\u662f\u4e00\u5957\u514d\u8d39\u7684\u6740\u6bd2\u8f6f\u4ef6\u3002Microsoft Windows Defender\u662f\u4e00\u5957Windows\u7cfb\u7edf\u9644\u5e26\u7684\u9632\u75c5\u6bd2\u8f6f\u4ef6\u3002\n\n\u591a\u6b3eMicrosoft\u4ea7\u54c1\u4e2d\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u4e8eDefender\u7684MpSigStub.exe\u6587\u4ef6\u5141\u8bb8\u5220\u9664\u4efb\u610f\u5730\u5740\u4e2d\u7684\u6587\u4ef6\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u767b\u5f55\u5230\u7cfb\u7edf\u5e76\u8fd0\u884c\u7279\u5236\u7684\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u5220\u9664\u88ab\u4fdd\u62a4\u7684\u6587\u4ef6\u3002",
  "discovererName": "Eran Shimony",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-34580",
  "openTime": "2019-10-11",
  "patchDescription": "Microsoft Forefront Endpoint Protection\u7b49\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Microsoft Forefront Endpoint Protection\u662f\u4e00\u5957\u7aef\u70b9\u5b89\u5168\u9632\u62a4\u8f6f\u4ef6\u3002Microsoft Security Essentials\u662f\u4e00\u5957\u514d\u8d39\u7684\u6740\u6bd2\u8f6f\u4ef6\u3002Microsoft Windows Defender\u662f\u4e00\u5957Windows\u7cfb\u7edf\u9644\u5e26\u7684\u9632\u75c5\u6bd2\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u6b3eMicrosoft\u4ea7\u54c1\u4e2d\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u4e8eDefender\u7684MpSigStub.exe\u6587\u4ef6\u5141\u8bb8\u5220\u9664\u4efb\u610f\u5730\u5740\u4e2d\u7684\u6587\u4ef6\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u767b\u5f55\u5230\u7cfb\u7edf\u5e76\u8fd0\u884c\u7279\u5236\u7684\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u5220\u9664\u88ab\u4fdd\u62a4\u7684\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eMicrosoft\u4ea7\u54c1\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Forefront Endpoint Protection 2010",
      "Microsoft Security Essentials",
      "Microsoft Windows Defender",
      "Microsoft System Center Endpoint Protection",
      "Microsoft System Center 2012 R2 Endpoint Protection",
      "Microsoft System Center 2012 Endpoint Protection"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-1161",
  "serverity": "\u4e2d",
  "submitTime": "2019-08-23",
  "title": "\u591a\u6b3eMicrosoft\u4ea7\u54c1\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2019-1161 (GCVE-0-2019-1161)

Vulnerability from cvelistv5

Published

2019-08-14 20:55

Modified

2024-08-04 18:06

Severity ?

CWE

Elevation of Privilege

Summary

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability and delete protected files on an affected system once MpSigStub.exe ran again. The update addresses the vulnerability and blocks the arbitrary deletion.

References

▼	URL	Tags
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

Microsoft

Microsoft Forefront Endpoint Protection 2010

Version: N/A

Microsoft	Microsoft System Center Endpoint Protection	Version: N/A
Microsoft	Microsoft System Center 2012 R2 Endpoint Protection	Version: N/A
Microsoft	Microsoft Security Essentials	Version: N/A
Microsoft	Microsoft System Center 2012 Endpoint Protection	Version: N/A
Microsoft	Windows Defender	Version: N/A

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:06:31.818Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Forefront Endpoint Protection 2010",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "cpes": [],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft System Center Endpoint Protection",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "cpes": [],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft System Center 2012 R2 Endpoint Protection",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "cpes": [],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Security Essentials",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "cpes": [],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft System Center 2012 Endpoint Protection",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "cpes": [],
          "platforms": [
            "Windows 10 Version 1703 for 32-bit Systems",
            "Windows 10 Version 1703 for x64-based Systems",
            "Windows 10 Version 1709 for 32-bit Systems",
            "Windows 10 Version 1709 for x64-based Systems",
            "Windows 10 for 32-bit Systems",
            "Windows 10 for x64-based Systems",
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2016",
            "Windows Server 2016 (Server Core installation)",
            "Windows 7 for 32-bit Systems Service Pack 1",
            "Windows 7 for x64-based Systems Service Pack 1",
            "Windows 8.1 for 32-bit systems",
            "Windows 8.1 for x64-based systems",
            "Windows RT 8.1",
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
            "Windows Server 2008 for Itanium-Based Systems Service Pack 2",
            "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Windows Defender",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "datePublic": "2019-08-13T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.\nTo exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability and delete protected files on an affected system once MpSigStub.exe ran again.\nThe update addresses the vulnerability and blocks the arbitrary deletion.\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T16:50:53.510Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161"
        }
      ],
      "title": "Microsoft Defender Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-1161",
    "datePublished": "2019-08-14T20:55:03",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T18:06:31.818Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted