CVE-2019-1162

7.8 HIGH

📋 TL;DR

CVE-2019-1162 is a Windows privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) mechanism. An attacker with local access can exploit this to execute arbitrary code with SYSTEM privileges, potentially gaining full control of the affected system. This affects Windows systems that haven't applied the security update.

💻 Affected Systems

Products:
  • Microsoft Windows
Versions: Windows 10, Windows Server 2016, Windows Server 2019
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected Windows versions are vulnerable prior to patching.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains full SYSTEM privileges, installs persistent malware, creates backdoor accounts, and exfiltrates sensitive data from the entire system.

🟠 Likely Case

Attacker escalates from standard user to SYSTEM privileges, installs keyloggers or credential stealers, and moves laterally within the network.

🟢 If Mitigated

With proper patching and least privilege principles, impact is limited to isolated systems with minimal data exposure.

🌐 Internet-Facing: LOW - Requires local access to exploit, cannot be triggered remotely over the internet.
🏢 Internal Only: HIGH - Any compromised user account on an internal network could exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local authenticated access. Proof-of-concept code has been publicly released, making exploitation more accessible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: August 2019 security updates (KB4512508 for Windows 10 1903, KB4512516 for Windows Server 2019, etc.)

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1162

Restart Required: Yes

Instructions:

1. Open Windows Update settings.
2. Check for updates.
3. Install the August 2019 security updates.
4. Restart the system when prompted.

🔧 Temporary Workarounds

Restrict local user access (Windows)

Limit local user accounts to only necessary personnel and implement least privilege principles.

🧯 If You Can't Patch

  • Implement strict access controls and limit local user accounts
  • Monitor for suspicious process creation and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the installed Windows version and build against the patched versions listed in the vendor advisory. Systems running an affected Windows version without the August 2019 security update are vulnerable.

Check Version:

winver

Verify Fix Applied:

Verify that the August 2019 security updates are installed, either in the Windows Update history or by checking that the system build number matches the patched build.
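An added verification script for the check above, written for this page rather than taken from Microsoft; it assumes Windows PowerShell 5.1 on the host being checked and uses only the two KB IDs the page lists (the function name Test-Cve20191162Patch is an assumption):

```powershell
# Added verification script (not from the advisory). Reports whether one of the
# August 2019 updates named on this page is recorded on the local machine.
# The KB IDs below are the two the page lists; other Windows SKUs have their own KB.
$AugustKBs = @('KB4512508', 'KB4512516')

function Test-Cve20191162Patch {
    param([string[]]$KbIds = $AugustKBs)

    $pattern = ($KbIds -join '|')

    # Source 1: Win32_QuickFixEngineering, the data behind Get-HotFix.
    $qfe = @(Get-HotFix -ErrorAction SilentlyContinue |
             Where-Object { $_.HotFixID -match $pattern })

    # Source 2: Windows Update Agent history, which also records updates
    # delivered through Windows Update/WSUS that QFE does not always list.
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $total    = $searcher.GetTotalHistoryCount()
    $wuHits   = @()
    if ($total -gt 0) {
        # ResultCode 2 = orcSucceeded; Title carries the KB number in parentheses.
        $wuHits = @($searcher.QueryHistory(0, $total) |
                    Where-Object { $_.ResultCode -eq 2 -and $_.Title -match $pattern })
    }

    # Build information from the registry: ReleaseId, CurrentBuild and UBR give
    # the exact patch level to compare against the advisory's patched builds.
    $ver = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Product      = $ver.ProductName
        ReleaseId    = $ver.ReleaseId
        Build        = "$($ver.CurrentBuild).$($ver.UBR)"
        QfeMatches   = $qfe.HotFixID
        WuaMatches   = $wuHits.Title
        PatchFound   = ($qfe.Count -gt 0) -or ($wuHits.Count -gt 0)
    }
}

Test-Cve20191162Patch | Format-List
```

Run it in an elevated PowerShell session on the host being checked. PatchFound = False does not by itself prove the host is vulnerable, because later cumulative updates supersede the August 2019 update; in that case compare Build against the patched build for that ReleaseId in the vendor advisory.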

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation with SYSTEM privileges
  • ALPC-related errors in Event Viewer
  • Failed privilege escalation attempts

Network Indicators:

  • Lateral movement from compromised systems
  • Unusual outbound connections from previously low-privilege accounts

SIEM Query:

EventID=4688 AND (NewProcessName contains 'cmd.exe' OR NewProcessName contains 'powershell.exe') AND SubjectUserName != 'SYSTEM' AND TokenElevationType=2

(The parentheses are required so that the OR applies only to the process name. TokenElevationType 2 is the full, elevated token; raw 4688 events encode it as %%1937, so adjust the value to how your SIEM normalizes that field.)
