CVE-2019-1164

7.8 HIGH

📋 TL;DR

This Windows kernel vulnerability allows authenticated attackers to escalate privileges to kernel mode, enabling complete system compromise. It affects Windows systems where attackers can log in and execute code. Successful exploitation grants full administrative control over the affected machine.

💻 Affected Systems

Products:
  • Microsoft Windows
Versions: Windows 10, Windows Server 2016, Windows Server 2019
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations; requires attacker to have ability to log on and execute code on target system.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system takeover: attacker gains kernel-level privileges, can install persistent malware, steal all data, create backdoor accounts, and disable security controls.

🟠 Likely Case: Privilege escalation from standard user to SYSTEM/administrator level, enabling lateral movement, credential theft, and persistence establishment.

🟢 If Mitigated: Limited to authenticated users only; with proper access controls and monitoring, impact is contained to specific compromised accounts.

🌐 Internet-Facing: LOW - Requires authenticated access; not directly exploitable from internet without valid credentials.
🏢 Internal Only: HIGH - Internal attackers or compromised accounts can exploit this for privilege escalation and lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access and ability to execute specially crafted application; kernel vulnerabilities are often weaponized in privilege escalation chains.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: August 2019 security updates (KB4512508 for Windows 10 1809, KB4512516 for Windows Server 2019, etc.)

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1164

Restart Required: Yes

Instructions:

1. Apply August 2019 Windows security updates via Windows Update.
2. For enterprise: Deploy through WSUS or SCCM.
3. Verify update installation with 'wmic qfe list' showing the appropriate KB.
4. Restart the system to complete installation.

🔧 Temporary Workarounds

Restrict user privileges (Windows): Limit user accounts to the least privilege necessary to reduce attack surface.

Application control policies (Windows): Implement AppLocker or Windows Defender Application Control to prevent unauthorized applications from running.

🧯 If You Can't Patch

  • Implement strict access controls and monitor for unusual privilege escalation attempts
  • Segment networks to limit lateral movement from compromised systems

🔍 How to Verify

Check if Vulnerable:

Check Windows version and installed updates; systems without August 2019 security updates are vulnerable

Check Version:

wmic os get caption, version, buildnumber && wmic qfe list | findstr KB4512508

Verify Fix Applied:

Verify KB4512508 (Windows 10 1809) or equivalent August 2019 security update is installed
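The following PowerShell script is an added example (not code from the advisory or this page) that performs the same check as the wmic one-liner above in a form that can be run across a fleet. The KB numbers are the ones this page lists and are assumed to map to the builds as the page states; confirm the KB-to-build mapping against the vendor advisory. The function name Test-Cve20191164Patch and the $Cve20191164Kbs list are hypothetical names chosen for this example.

```powershell
# Added example: check whether one of the August 2019 updates named on this page is present.
# KB numbers are taken from the page; confirm the KB-to-build mapping against the vendor advisory.
$Cve20191164Kbs = @('KB4512508', 'KB4512516')   # from the page; extend from the advisory for other builds

function Test-Cve20191164Patch {
    [CmdletBinding()]
    param(
        [string[]]$ExpectedKb = $Cve20191164Kbs,
        # Optional: pass hotfix objects collected elsewhere (e.g. Get-HotFix -ComputerName ...)
        [object[]]$HotFixes = $null,
        [object]$OperatingSystem = $null
    )

    if (-not $HotFixes) { $HotFixes = Get-HotFix }
    if (-not $OperatingSystem) {
        $OperatingSystem = Get-CimInstance -ClassName Win32_OperatingSystem
    }

    $installed = $HotFixes | Where-Object { $ExpectedKb -contains $_.HotFixID }

    # Cumulative updates supersede each other: a later monthly update replaces the
    # August 2019 KB in Get-HotFix output, so "not found" means "confirm manually",
    # not "definitely vulnerable". Compare BuildNumber against the advisory in that case.
    $status = if ($installed) { 'Patched (listed KB present)' }
              else            { 'Unconfirmed: no listed KB found; compare build against the advisory' }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Caption      = $OperatingSystem.Caption
        Version      = $OperatingSystem.Version
        BuildNumber  = $OperatingSystem.BuildNumber
        MatchedKb    = ($installed.HotFixID -join ',')
        Status       = $status
    }
}

# Usage: run locally, or feed Get-HotFix -ComputerName output for a remote check.
Test-Cve20191164Patch | Format-List
```

Get-HotFix reads Win32_QuickFixEngineering, the same source as 'wmic qfe list', so the two checks agree; the script only adds the superseding-update caveat, which the one-liner silently ignores.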

📡 Detection & Monitoring

Log Indicators:

  • Event ID 4688: New process creation with elevated privileges
  • Unexpected kernel-mode driver loading
  • Privilege escalation attempts in security logs

Network Indicators:

  • Unusual outbound connections from systems after privilege escalation

SIEM Query:

EventID=4688 AND (NewProcessName LIKE "%cmd.exe" OR NewProcessName LIKE "%powershell.exe") AND IntegrityLevel="System"
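As an added example (not part of the page or any vendor tooling), the PowerShell below turns the SIEM query above into a local hunt over Security event 4688 and tightens it: a command interpreter running at System integrity is routine for services, so the filter also requires that the subject account is not a built-in service account, which is the combination a user-to-kernel escalation leaves behind. It assumes "Audit Process Creation" is enabled (command-line logging is optional but helps triage); the function names Find-SuspiciousSystemShells and ConvertFrom-4688 and the sample records are constructed for this example.

```powershell
# Added example: hunt 4688 events for shells at System integrity started by non-service accounts.
$SystemIntegritySid = 'S-1-16-16384'                    # MandatoryLabel value for System integrity
$ServiceSids        = @('S-1-5-18', 'S-1-5-19', 'S-1-5-20')  # LocalSystem, LocalService, NetworkService
$InterpreterNames   = @('cmd.exe', 'powershell.exe')

# Pull the named EventData fields out of a 4688 record's XML.
function ConvertFrom-4688 {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml  = [xml]$Event.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        TimeCreated       = $Event.TimeCreated
        SubjectUserSid    = $data['SubjectUserSid']
        SubjectUserName   = $data['SubjectUserName']
        NewProcessName    = $data['NewProcessName']
        ParentProcessName = $data['ParentProcessName']
        MandatoryLabel    = $data['MandatoryLabel']
        CommandLine       = $data['CommandLine']   # empty unless command-line auditing is on
    }
}

function Find-SuspiciousSystemShells {
    param(
        [datetime]$Since = (Get-Date).AddHours(-24),
        # Optional: pass already-parsed records instead of querying the local Security log
        [object[]]$Records = $null
    )

    if (-not $Records) {
        $events  = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $Since } `
                                -ErrorAction SilentlyContinue
        $Records = $events | ForEach-Object { ConvertFrom-4688 $_ }
    }

    $Records | Where-Object {
        $_.MandatoryLabel -eq $SystemIntegritySid -and
        ($ServiceSids -notcontains $_.SubjectUserSid) -and
        ($InterpreterNames -contains (Split-Path -Leaf $_.NewProcessName))
    }
}

# Constructed sample records (not real log data) to show the filter offline:
# the first is flagged (standard user, System integrity, launched from a user-writable path);
# the second is a normal service-spawned shell and is not.
$sample = @(
    [pscustomobject]@{ TimeCreated = (Get-Date); SubjectUserSid = 'S-1-5-21-111-222-333-1001'; SubjectUserName = 'alice'
                       NewProcessName = 'C:\Windows\System32\cmd.exe'; ParentProcessName = 'C:\Users\alice\Downloads\tool.exe'
                       MandatoryLabel = 'S-1-16-16384'; CommandLine = 'cmd.exe' },
    [pscustomobject]@{ TimeCreated = (Get-Date); SubjectUserSid = 'S-1-5-18'; SubjectUserName = 'SYSTEM'
                       NewProcessName = 'C:\Windows\System32\cmd.exe'; ParentProcessName = 'C:\Windows\System32\svchost.exe'
                       MandatoryLabel = 'S-1-16-16384'; CommandLine = 'cmd.exe /c whoami' }
)
Find-SuspiciousSystemShells -Records $sample |
    Format-Table TimeCreated, SubjectUserName, NewProcessName, ParentProcessName
```

Omit -Records to run against the live Security log; the ParentProcessName column is the first thing to look at when a hit appears, since a System-integrity shell whose parent lives under a user profile directory is far more suspicious than one spawned by a service host.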
