Windows 10: CVE-2019-1314 Windows 10 Mobile Security Feature Bypass Vulnerability Mobile

Brink · Oct 10, 2019

Security Vulnerability

Published: 10/08/2019
MITRE CVE-2019-1314

A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen. An attacker who successfully exploited this vulnerability could access the photo library of an affected phone and modify or delete photos without authenticating to the system.

To exploit the vulnerability, an attacker would require physical access and the phone would need to have Cortana assistance allowed from the lock screen.

Exploitability Assessment

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Publicly Disclosed Exploited Latest Software Release Older Software Release Denial of Service No No 2 - Exploitation Less Likely 2 - Exploitation Less Likely Not Applicable
Security Updates

To determine the support life cycle for your software version or edition, see the Microsoft Support Lifecycle.

Product Platform Article Download Impact Severity Supersedence Windows 10 Mobile Security Feature Bypass Important
Mitigations

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

The following workaround can protect users from this vulnerability by disabling access to Cortana on the phone lock screen. This can be accomplished by following these steps:

Open the Cortana app from the applications screen.

Tap on the Menu button (3 horizontal bars) in the top left of the Cortana app.

Tap on Settings option.

Set the slider for the Lock Screen option to Off to prevent access to Cortana when the device is locked.

FAQ

Where do I find the update for Windows 10 Mobile?

Microsoft is not planning on fixing this vulnerability in Windows 10 Mobile. Microsoft recommends implementing the workaround to restrict access to Cortana.

Acknowledgements

Yuval Ron, Amichai Shulman, and Eli Biham of Technion - Israel Institue of Technology
See acknowledgements for more information.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

Version Date Description 1.0 10/08/2019 Information published.
Click to expand...

Source: https://portal.msrc.microsoft.com/en.../CVE-2019-1314

:)

Brink · Oct 10, 2019

CVE-2019-0627 - Windows Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.

To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.

The update addresses the vulnerability by correcting how Windows validates User Mode Code Integrity policies.

Exploitability Assessment

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

[table][tr]Publicly Disclosed Exploited Latest Software Release Older Software Release Denial of Service [/tr] [tr][td]No[/td] [td]No[/td] [td]1 - Exploitation More Likely[/td] [td]1 - Exploitation More Likely[/td] [td]Not Applicable[/td] [/tr] [/table]

Security Updates

To determine the support life cycle for your software version or edition, see the Microsoft Support Lifecycle.

[table][tr]Product Platform Article Download Impact Severity Supersedence [/tr] [tr][td]PowerShell Core 6.1[/td] [td][/td] [td]Release Notes[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td][/td] [/tr] [tr][td]PowerShell Core 6.2[/td] [td][/td] [td]Release Notes[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td][/td] [/tr] [tr][td]Windows 10 for 32-bit Systems[/td] [td][/td] [td]4487018[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480962[/td] [/tr] [tr][td]Windows 10 for x64-based Systems[/td] [td][/td] [td]4487018[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480962[/td] [/tr] [tr][td]Windows 10 Version 1607 for 32-bit Systems[/td] [td][/td] [td]4487026[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480961[/td] [/tr] [tr][td]Windows 10 Version 1607 for x64-based Systems[/td] [td][/td] [td]4487026[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480961[/td] [/tr] [tr][td]Windows 10 Version 1703 for 32-bit Systems[/td] [td][/td] [td]4487020[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480973[/td] [/tr] [tr][td]Windows 10 Version 1703 for x64-based Systems[/td] [td][/td] [td]4487020[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480973[/td] [/tr] [tr][td]Windows 10 Version 1709 for 32-bit Systems[/td] [td][/td] [td]4486996[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480978[/td] [/tr] [tr][td]Windows 10 Version 1709 for 64-based Systems[/td] [td][/td] [td]4486996[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480978[/td] [/tr] [tr][td]Windows 10 Version 1709 for ARM64-based Systems[/td] [td][/td] [td]4486996[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480978[/td] [/tr] [tr][td]Windows 10 Version 1803 for 32-bit Systems[/td] [td][/td] [td]4487017[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480966[/td] [/tr] [tr][td]Windows 10 Version 1803 for ARM64-based Systems[/td] [td][/td] [td]4487017[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480966[/td] [/tr] [tr][td]Windows 10 Version 1803 for x64-based Systems[/td] [td][/td] [td]4487017[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480966[/td] [/tr] [tr][td]Windows 10 Version 1809 for 32-bit Systems[/td] [td][/td] [td]4487044[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480116[/td] [/tr] [tr][td]Windows 10 Version 1809 for ARM64-based Systems[/td] [td][/td] [td]4487044[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480116[/td] [/tr] [tr][td]Windows 10 Version 1809 for x64-based Systems[/td] [td][/td] [td]4487044[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480116[/td] [/tr] [tr][td]Windows Server 2016[/td] [td][/td] [td]4487026[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480961[/td] [/tr] [tr][td]Windows Server 2016 (Server Core installation)[/td] [td][/td] [td]4487026[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480961[/td] [/tr] [tr][td]Windows Server 2019[/td] [td][/td] [td]4487044[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480116[/td] [/tr] [tr][td]Windows Server 2019 (Server Core installation)[/td] [td][/td] [td]4487044[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480116[/td] [/tr] [tr][td]Windows Server, version 1709 (Server Core Installation)[/td] [td][/td] [td]4486996[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480978[/td] [/tr] [tr][td]Windows Server, version 1803 (Server Core Installation)[/td] [td][/td] [td]4487017[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480966[/td] [/tr] [/table]

Mitigations

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

Acknowledgements

Matt Graeber of SpecterOps

See acknowledgements for more information.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

[table][tr]Version Date Description [/tr] [tr][td]1.0[/td] [td]02/12/2019[/td] [td]Information published.[/td] [/tr] [tr][td]2.0[/td] [td]02/19/2019[/td] [td]Revised the Security Updates table to include PowerShell Core 6.1 and 6.2 because they are affected by this vulnerability. See Microsoft Security Advisory - Multiple UMCI bypass vulnerabilities · Issue #13 · PowerShell/Announcements · GitHub for more information.[/td] [/tr] [/table]
Click to expand...

Source: https://portal.msrc.microsoft.com/en.../CVE-2019-0627

Brink · Oct 10, 2019

CVE-2019-0627 - Windows Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.

To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.

The update addresses the vulnerability by correcting how Windows validates User Mode Code Integrity policies.

Exploitability Assessment

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

[table][tr]Publicly Disclosed Exploited Latest Software Release Older Software Release Denial of Service [/tr] [tr][td]No[/td] [td]No[/td] [td]1 - Exploitation More Likely[/td] [td]1 - Exploitation More Likely[/td] [td]Not Applicable[/td] [/tr] [/table]

Security Updates

To determine the support life cycle for your software version or edition, see the Microsoft Support Lifecycle.

[table][tr]Product Platform Article Download Impact Severity Supersedence [/tr] [tr][td]PowerShell Core 6.1[/td] [td][/td] [td]Release Notes[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td][/td] [/tr] [tr][td]PowerShell Core 6.2[/td] [td][/td] [td]Release Notes[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td][/td] [/tr] [tr][td]Windows 10 for 32-bit Systems[/td] [td][/td] [td]4487018[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480962[/td] [/tr] [tr][td]Windows 10 for x64-based Systems[/td] [td][/td] [td]4487018[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480962[/td] [/tr] [tr][td]Windows 10 Version 1607 for 32-bit Systems[/td] [td][/td] [td]4487026[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480961[/td] [/tr] [tr][td]Windows 10 Version 1607 for x64-based Systems[/td] [td][/td] [td]4487026[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480961[/td] [/tr] [tr][td]Windows 10 Version 1703 for 32-bit Systems[/td] [td][/td] [td]4487020[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480973[/td] [/tr] [tr][td]Windows 10 Version 1703 for x64-based Systems[/td] [td][/td] [td]4487020[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480973[/td] [/tr] [tr][td]Windows 10 Version 1709 for 32-bit Systems[/td] [td][/td] [td]4486996[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480978[/td] [/tr] [tr][td]Windows 10 Version 1709 for 64-based Systems[/td] [td][/td] [td]4486996[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480978[/td] [/tr] [tr][td]Windows 10 Version 1709 for ARM64-based Systems[/td] [td][/td] [td]4486996[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480978[/td] [/tr] [tr][td]Windows 10 Version 1803 for 32-bit Systems[/td] [td][/td] [td]4487017[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480966[/td] [/tr] [tr][td]Windows 10 Version 1803 for ARM64-based Systems[/td] [td][/td] [td]4487017[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480966[/td] [/tr] [tr][td]Windows 10 Version 1803 for x64-based Systems[/td] [td][/td] [td]4487017[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480966[/td] [/tr] [tr][td]Windows 10 Version 1809 for 32-bit Systems[/td] [td][/td] [td]4487044[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480116[/td] [/tr] [tr][td]Windows 10 Version 1809 for ARM64-based Systems[/td] [td][/td] [td]4487044[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480116[/td] [/tr] [tr][td]Windows 10 Version 1809 for x64-based Systems[/td] [td][/td] [td]4487044[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480116[/td] [/tr] [tr][td]Windows Server 2016[/td] [td][/td] [td]4487026[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480961[/td] [/tr] [tr][td]Windows Server 2016 (Server Core installation)[/td] [td][/td] [td]4487026[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480961[/td] [/tr] [tr][td]Windows Server 2019[/td] [td][/td] [td]4487044[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480116[/td] [/tr] [tr][td]Windows Server 2019 (Server Core installation)[/td] [td][/td] [td]4487044[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480116[/td] [/tr] [tr][td]Windows Server, version 1709 (Server Core Installation)[/td] [td][/td] [td]4486996[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480978[/td] [/tr] [tr][td]Windows Server, version 1803 (Server Core Installation)[/td] [td][/td] [td]4487017[/td] [td]Security Update[/td] [td]Security Feature Bypass[/td] [td]Important[/td] [td]4480966[/td] [/tr] [/table]

Mitigations

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

Acknowledgements

Matt Graeber of SpecterOps

See acknowledgements for more information.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

[table][tr]Version Date Description [/tr] [tr][td]1.0[/td] [td]02/12/2019[/td] [td]Information published.[/td] [/tr] [tr][td]2.0[/td] [td]02/19/2019[/td] [td]Revised the Security Updates table to include PowerShell Core 6.1 and 6.2 because they are affected by this vulnerability. See Microsoft Security Advisory - Multiple UMCI bypass vulnerabilities · Issue #13 · PowerShell/Announcements · GitHub for more information.[/td] [/tr] [/table]
Click to expand...

Source: https://portal.msrc.microsoft.com/en.../CVE-2019-0627

NICK ADSL UK · Oct 10, 2019

Microsoft February 2019 Security Updates

Release Notes

February 2019 Security Updates

Release Date: February 12, 2019

The February security release consists of security updates for the following software:

Adobe Flash Player

Internet Explorer

Microsoft Edge

Microsoft Windows

Microsoft Office and Microsoft Office Services and Web Apps

ChakraCore

.NET Framework

Microsoft Exchange Server

Microsoft Visual Studio

Azure IoT SDK

Microsoft Dynamics

Team Foundation Server

Visual Studio Code

Please note the following information regarding the security updates:

A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.

Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.

Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.

For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.

In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates.

ADV190003

ADV190007 *

ADV990001

CVE-2019-0540 *

CVE-2019-0600

CVE-2019-0601

CVE-2019-0602

CVE-2019-0615

CVE-2019-0616

CVE-2019-0619

CVE-2019-0621

CVE-2019-0628

CVE-2019-0635

CVE-2019-0636

CVE-2019-0643

CVE-2019-0648

CVE-2019-0658

CVE-2019-0660

CVE-2019-0661

CVE-2019-0664

CVE-2019-0669

CVE-2019-0676

CVE-2019-0686 *

CVE-2019-0724 *

CVE-2019-0741

Known Issues

44****2

{{windowTitle}}

Windows 10: CVE-2019-1314 Windows 10 Mobile Security Feature Bypass Vulnerability Mobile

CVE-2019-1314 Windows 10 Mobile Security Feature Bypass Vulnerability Mobile

CVE-2019-1314 Windows 10 Mobile Security Feature Bypass Vulnerability Mobile

CVE-2019-1314 Windows 10 Mobile Security Feature Bypass Vulnerability Mobile

CVE-2019-1314 Windows 10 Mobile Security Feature Bypass Vulnerability Mobile - Similar Threads - CVE 2019 1314

BitLocker Security Feature Bypass Vulnerability CVE-2022-41099 and KB5025175

BitLocker Security Feature Bypass Vulnerability CVE-2022-41099 and KB5025175

BitLocker Security Feature Bypass Vulnerability CVE-2022-41099 and KB5025175

Windows 10 Mobile End of Support on December 10, 2019 Mobile

CVE-2019-1378 Windows 10 Update Assistant Vulnerability

CVE-2019-1292 | Windows Elevation of Privilege Vulnerability

CVE-2019-1215 | Windows Elevation of Privilege Vulnerability

CVE-2019-0627 - Windows Security Feature Bypass Vulnerability

CVE-2018-8512 - Microsoft Edge Security Feature Bypass Vulnerability