Security restrictions bypass in Windows Defender Firewall
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-0637 |
| CWE-ID | CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Security restrictions bypass
EUVDB-ID: #VU17645
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0637
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to Windows Defender Firewall incorrectly applies firewall profiles to cellular network connections, when Windows is connected to both an ethernet and a cellular network. A remote attacker can bypass configured firewall policies and perform unauthorized actions against the affected system.
Note, this vulnerability cannot be triggered remotely.
Install updates from vendor's website.
Vulnerable software versionsWindows: 10 1709 10.0.16299.19 - 10 1809 10.0.17763.1
Windows Server: 2019 10.0.17763.1 - 2019 1803
CPE2.3- cpe:2.3:o:microsoft:windows:10_1709:10.0.16299.19:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1803:10.0.17134.48:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2019_1803:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0637
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
