Microsoft Windows: CVE-2019-0707: Windows NDIS Elevation of Privilege Vulnerability
Description
An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level, aka 'Windows NDIS Elevation of Privilege Vulnerability'.
Solution(s)
- microsoft-windows-windows_10-1507-kb4499154
- microsoft-windows-windows_10-1607-kb4494440
- microsoft-windows-windows_10-1703-kb4499181
- microsoft-windows-windows_10-1709-kb4499179
- microsoft-windows-windows_10-1803-kb4499167
- microsoft-windows-windows_10-1809-kb4494441
- microsoft-windows-windows_10-1903-kb4497936
- microsoft-windows-windows_server_2012-kb4499158
- microsoft-windows-windows_server_2012_r2-kb4499165
- microsoft-windows-windows_server_2016-1607-kb4494440
- microsoft-windows-windows_server_2019-1809-kb4494441
- msft-kb4497936-10429ff2-9c14-4fb1-abdc-a105642cb1ad
- msft-kb4499158-93082475-fee3-46cf-8c33-1d26b56c536f
- msft-kb4499158-b4ae50b9-4f14-4eaf-8574-6b7a66beb9cb
- msft-kb4499165-4b02df8e-e169-4d3a-a07e-bff78bc2efe3
- msft-kb4499165-b6296768-ff16-4e28-aa22-9e8938569154
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center