CVE-2019-0732
Vulnerability from cvelistv5
Published
2019-04-09 20:15
Modified
2024-08-04 17:58
Severity ?
EPSS score ?
Summary
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Security Feature Bypass Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://packetstormsecurity.com/files/152536/Microsoft-Windows-LUAFV-NtSetCachedSigningLevel-Device-Guard-Bypass.html | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0732 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.exploit-db.com/exploits/46716/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/152536/Microsoft-Windows-LUAFV-NtSetCachedSigningLevel-Device-Guard-Bypass.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0732 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/46716/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows |
Version: 7 for 32-bit Systems Service Pack 1 Version: 7 for x64-based Systems Service Pack 1 Version: 8.1 for 32-bit systems Version: 8.1 for x64-based systems Version: RT 8.1 Version: 10 for 32-bit Systems Version: 10 for x64-based Systems Version: 10 Version 1607 for 32-bit Systems Version: 10 Version 1607 for x64-based Systems Version: 10 Version 1703 for 32-bit Systems Version: 10 Version 1703 for x64-based Systems Version: 10 Version 1709 for 32-bit Systems Version: 10 Version 1709 for x64-based Systems Version: 10 Version 1803 for 32-bit Systems Version: 10 Version 1803 for x64-based Systems Version: 10 Version 1803 for ARM64-based Systems Version: 10 Version 1809 for 32-bit Systems Version: 10 Version 1809 for x64-based Systems Version: 10 Version 1809 for ARM64-based Systems Version: 10 Version 1709 for ARM64-based Systems |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:58:57.291Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0732", }, { name: "46716", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/46716/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/152536/Microsoft-Windows-LUAFV-NtSetCachedSigningLevel-Device-Guard-Bypass.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Windows", vendor: "Microsoft", versions: [ { status: "affected", version: "7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "8.1 for 32-bit systems", }, { status: "affected", version: "8.1 for x64-based systems", }, { status: "affected", version: "RT 8.1", }, { status: "affected", version: "10 for 32-bit Systems", }, { status: "affected", version: "10 for x64-based Systems", }, { status: "affected", version: "10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "10 Version 1607 for x64-based Systems", }, { status: "affected", version: "10 Version 1703 for 32-bit Systems", }, { status: "affected", version: "10 Version 1703 for x64-based Systems", }, { status: "affected", version: "10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "10 Version 1709 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "10 Version 1803 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "10 Version 1809 for x64-based Systems", }, { status: "affected", version: "10 Version 1809 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1709 for ARM64-based Systems", }, ], }, { product: "Windows Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2008 R2 for x64-based Systems Service Pack 1 (Core installation)", }, { status: "affected", version: "2008 R2 for Itanium-Based Systems Service Pack 1", }, { status: "affected", version: "2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "2008 for 32-bit Systems Service Pack 2 (Core installation)", }, { status: "affected", version: "2012", }, { status: "affected", version: "2012 (Core installation)", }, { status: "affected", version: "2012 R2", }, { status: "affected", version: "2012 R2 (Core installation)", }, { status: "affected", version: "2016", }, { status: "affected", version: "2016 (Core installation)", }, { status: "affected", version: "version 1709 (Core Installation)", }, { status: "affected", version: "version 1803 (Core Installation)", }, { status: "affected", version: "2019", }, { status: "affected", version: "2019 (Core installation)", }, { status: "affected", version: "2008 for Itanium-Based Systems Service Pack 2", }, { status: "affected", version: "2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "2008 for x64-based Systems Service Pack 2", }, { status: "affected", version: "2008 for x64-based Systems Service Pack 2 (Core installation)", }, ], }, ], descriptions: [ { lang: "en", value: "A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Security Feature Bypass Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Security Feature Bypass", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-17T02:06:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0732", }, { name: "46716", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/46716/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/152536/Microsoft-Windows-LUAFV-NtSetCachedSigningLevel-Device-Guard-Bypass.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0732", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows", version: { version_data: [ { version_value: "7 for 32-bit Systems Service Pack 1", }, { version_value: "7 for x64-based Systems Service Pack 1", }, { version_value: "8.1 for 32-bit systems", }, { version_value: "8.1 for x64-based systems", }, { version_value: "RT 8.1", }, { version_value: "10 for 32-bit Systems", }, { version_value: "10 for x64-based Systems", }, { version_value: "10 Version 1607 for 32-bit Systems", }, { version_value: "10 Version 1607 for x64-based Systems", }, { version_value: "10 Version 1703 for 32-bit Systems", }, { version_value: "10 Version 1703 for x64-based Systems", }, { version_value: "10 Version 1709 for 32-bit Systems", }, { version_value: "10 Version 1709 for x64-based Systems", }, { version_value: "10 Version 1803 for 32-bit Systems", }, { version_value: "10 Version 1803 for x64-based Systems", }, { version_value: "10 Version 1803 for ARM64-based Systems", }, { version_value: "10 Version 1809 for 32-bit Systems", }, { version_value: "10 Version 1809 for x64-based Systems", }, { version_value: "10 Version 1809 for ARM64-based Systems", }, { version_value: "10 Version 1709 for ARM64-based Systems", }, ], }, }, { product_name: "Windows Server", version: { version_data: [ { version_value: "2008 R2 for x64-based Systems Service Pack 1 (Core installation)", }, { version_value: "2008 R2 for Itanium-Based Systems Service Pack 1", }, { version_value: "2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "2008 for 32-bit Systems Service Pack 2 (Core installation)", }, { version_value: "2012", }, { version_value: "2012 (Core installation)", }, { version_value: "2012 R2", }, { version_value: "2012 R2 (Core installation)", }, { version_value: "2016", }, { version_value: "2016 (Core installation)", }, { version_value: "version 1709 (Core Installation)", }, { version_value: "version 1803 (Core Installation)", }, { version_value: "2019", }, { version_value: "2019 (Core installation)", }, { version_value: "2008 for Itanium-Based Systems Service Pack 2", }, { version_value: "2008 for 32-bit Systems Service Pack 2", }, { version_value: "2008 for x64-based Systems Service Pack 2", }, { version_value: "2008 for x64-based Systems Service Pack 2 (Core installation)", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Security Feature Bypass Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Security Feature Bypass", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0732", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0732", }, { name: "46716", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/46716/", }, { name: "http://packetstormsecurity.com/files/152536/Microsoft-Windows-LUAFV-NtSetCachedSigningLevel-Device-Guard-Bypass.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/152536/Microsoft-Windows-LUAFV-NtSetCachedSigningLevel-Device-Guard-Bypass.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0732", datePublished: "2019-04-09T20:15:16", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T17:58:57.291Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2019-0732\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2019-04-09T21:29:00.427\",\"lastModified\":\"2024-11-21T04:17:11.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Security Feature Bypass Vulnerability'.\"},{\"lang\":\"es\",\"value\":\"En Windows existe una vulnerabilidad de omisión de la característica de seguridad, que podría permitir a un atacante eludir Device Guard, debido a que Windows maneja de forma incorrecta las llamadas al controlador LUAFV (luafv.sys), también conocido como 'Vulnerabilidad de omisión de la característica de seguridad de Windows'.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEE2E768-0F45-46E1-B6D7-087917109D98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B14968-3985-43C3-ACE5-8307196EFAE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CB85C75-4D35-480E-843D-60579EC75FCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B8F3DD2-A145-4AF1-8545-CC42892DA3D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*\",\"matchCriteriaId\":\"B320A104-9037-487E-BC9A-62B4A6B49FD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B454BFE-D3AB-4CDC-B79B-F60EA3F57DBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAACE735-003E-4ACB-A82E-C0CF97D7F013\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/152536/Microsoft-Windows-LUAFV-NtSetCachedSigningLevel-Device-Guard-Bypass.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0732\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/46716/\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/152536/Microsoft-Windows-LUAFV-NtSetCachedSigningLevel-Device-Guard-Bypass.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0732\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/46716/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.