#VU21290 Input validation error in Microsoft products - CVE-2019-1255

Cybersecurity Help s.r.o.

Published: 2019-09-23

Vulnerability identifier: #VU21290

Vulnerability risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-1255

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Microsoft Security Essentials
Client/Desktop applications / Antivirus software/Personal firewalls
Windows Defender
Client/Desktop applications / Antivirus software/Personal firewalls
Microsoft Forefront Endpoint Protection
Server applications / DLP, anti-spam, sniffers

Vendor: Microsoft

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of files within the Microsoft Malware Protection Engine in Microsoft Defender. A remote attacker can create a specially crafted file, trick the victim into executing it and prevent legitimate accounts from executing legitimate system binaries.

Mitigation

Install updates from vendor's website.

This vulnerability was addressed in Microsoft Malware Protection Engine 1.1.16400.2.

Vulnerable software versions

Microsoft Security Essentials: All versions

Microsoft Forefront Endpoint Protection: 2010

Windows Defender: for Windows RT 8.1 - for Windows 10, Windows 10 1511, Windows 10 1607, Windows Server 2016, Windows 10 1703

External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Microsoft Defender