CVE-2019-1057

7.5 HIGH

📋 TL;DR

This CVE describes a remote code execution vulnerability in the Microsoft XML Core Services (MSXML) parser that allows attackers to run arbitrary code on affected systems. The vulnerability is triggered when MSXML processes malicious XML content, typically delivered through compromised websites. Users running vulnerable versions of Microsoft Windows with Internet Explorer are primarily affected.

💻 Affected Systems

Products:
  • Microsoft XML Core Services (MSXML)
  • Internet Explorer
Versions: MSXML versions prior to the July 2019 security updates
Operating Systems: Windows 10, Windows 8.1, Windows 7, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2008 R2
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where Internet Explorer is configured as the default browser or where other applications use MSXML to parse XML.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attacker to install programs, view/change/delete data, or create new accounts with full user rights.

🟠 Likely Case

Attacker gains user-level privileges on the compromised system, enabling data theft, lateral movement, or installation of additional malware.

🟢 If Mitigated

No impact if systems are patched or workarounds are implemented; limited impact if user runs with restricted privileges.

🌐 Internet-Facing: MEDIUM - Requires user interaction (visiting malicious site) but can be delivered through common web browsing activities.
🏢 Internal Only: LOW - Primarily affects client-side applications; less relevant for internal-only servers unless they process untrusted XML.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (visiting malicious website) but no authentication. Attack vector is through web browsers processing XML content.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: July 2019 security updates for affected Windows versions

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1057

Restart Required: Yes

Instructions:

1. Apply July 2019 Windows security updates via Windows Update.
2. For enterprise environments, deploy updates through WSUS or SCCM.
3. Verify update installation by checking Windows Update history.

🔧 Temporary Workarounds

Restrict Internet Explorer XML processing (Windows)

Configure Internet Explorer to prompt before running ActiveX controls or disable ActiveX controls for untrusted sites.

Configure through Internet Explorer Security Settings: Tools > Internet Options > Security > Custom Level > ActiveX controls and plug-ins

Use alternative browser (Windows)

Configure systems to use browsers not affected by this MSXML vulnerability (Edge, Chrome, Firefox with default settings).

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized code
  • Run users with least privilege accounts to limit impact of successful exploitation

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for July 2019 security updates or use Microsoft's Security Update Guide to verify patch status.

Check Version:

wmic qfe list | findstr "KB4507456 KB4507460"

Alternatively, check Settings > Update & Security > Windows Update > View update history.

Verify Fix Applied:

Verify KB4507456 (Windows 10 1903), KB4507460 (Windows 10 1809), or corresponding July 2019 updates for your Windows version are installed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Internet Explorer or XML parsing applications
  • Crash logs from msxml*.dll components

Network Indicators:

  • HTTP requests to suspicious domains with XML content
  • Unusual outbound connections following XML file processing

SIEM Query:

Process Creation where (ParentImage contains "iexplore.exe" OR Image contains "msxml") AND (CommandLine contains ".xml" OR CommandLine contains suspicious parameters)
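
The query above evaluated over constructed process-creation events, as an added example that is not part of the original page: it compares the explicitly grouped reading, (A OR B) AND (C OR D), with the reading where AND binds tighter than OR. SUSPICIOUS_PARAMS is a hypothetical stand-in for the page's "suspicious parameters", and all events are constructed.

```python
# Added example: the SIEM query's four terms evaluated over constructed events.
# Hypothetical stand-ins for the page's "suspicious parameters" (assumption).
SUSPICIOUS_PARAMS = ("-encodedcommand", "-windowstyle hidden")
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed process-creation events using the query's field names.
EVENTS = [
    {"id": 1, "ParentImage": IE, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c type C:\Users\a\AppData\Local\Temp\feed.xml"},
    {"id": 2, "ParentImage": IE, "Image": IE,
     "CommandLine": "iexplore.exe SCODEF:4120 CREDAT:9474 /prefetch:2"},
    {"id": 3, "ParentImage": r"C:\Windows\System32\svchost.exe", "Image": PS,
     "CommandLine": r"powershell.exe -WindowStyle Hidden -File C:\Scripts\inventory.ps1"},
    {"id": 4, "ParentImage": IE, "Image": PS,
     "CommandLine": "powershell.exe -EncodedCommand <constructed-placeholder>"},
]

def terms(event):
    """Return the query's four boolean terms (A, B, C, D) for one event."""
    parent = event.get("ParentImage", "").lower()
    image = event.get("Image", "").lower()
    cmd = event.get("CommandLine", "").lower()
    return (
        "iexplore.exe" in parent,                   # A: spawned by Internet Explorer
        "msxml" in image,                           # B: image path mentions msxml
        ".xml" in cmd,                              # C: command line references XML
        any(p in cmd for p in SUSPICIOUS_PARAMS),   # D: suspicious parameter present
    )

def matches_grouped(event):
    """(A OR B) AND (C OR D): every hit is tied to IE or MSXML."""
    a, b, c, d = terms(event)
    return (a or b) and (c or d)

def matches_and_first(event):
    """((A OR B) AND C) OR D: the last term matches regardless of parent."""
    a, b, c, d = terms(event)
    return ((a or b) and c) or d

def hits(events, predicate):
    """Return the ids of the events the predicate flags."""
    return [e["id"] for e in events if predicate(e)]

if __name__ == "__main__":
    print("grouped:  ", hits(EVENTS, matches_grouped))
    print("AND first:", hits(EVENTS, matches_and_first))
```

Event 3 is flagged only under the AND-first reading, because the final OR term is then no longer scoped to Internet Explorer or MSXML.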
