Aug 2019: Windows File Signature Security Feature Bypass Vulnerability
CVE-2019-1163 Published on August 14, 2019

Windows File Signature Security Feature Bypass Vulnerability
A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. To exploit the vulnerability, an attacker could modify a signed CAB file and inject malicious code. The attacker could then convince a target user to execute the file. The update addresses the vulnerability by correcting how Windows validates file signatures.

NVD

Weakness Type

Improper Validation of Integrity Check Value

The software does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission. Improper validation of checksums before use results in an unnecessary risk that can easily be mitigated. The protocol specification describes the algorithm used for calculating the checksum. It is then a simple matter of implementing the calculation and verifying that the calculated checksum and the received checksum match. Improper verification of the calculated checksum and the received checksum can lead to far greater consequences.

Products Associated with CVE-2019-1163

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

Microsoft Windows 10

Microsoft Windows Server 2016

Microsoft Windows Server 2019

Microsoft Windows 10 1803

Microsoft Windows Server 1803

Microsoft Windows Server 1903

Microsoft Windows 10 1507

Affected Versions

Microsoft Windows 10 Version 1703:

Version 10.0.0 and below publication is affected.

Microsoft Windows 10 Version 1803:

Version 10.0.0 and below publication is affected.

Microsoft Windows Server, version 1803 (Server Core Installation):

Version 10.0.0 and below publication is affected.

Microsoft Windows 10 Version 1809:

Version 10.0.0 and below publication is affected.

Microsoft Windows Server 2019:

Version 10.0.0 and below publication is affected.

Microsoft Windows Server 2019 (Server Core installation):

Version 10.0.0 and below publication is affected.

Microsoft Windows 10 Version 1709 for 32-bit Systems:

Version 10.0.0 and below publication is affected.

Microsoft Windows 10 Version 1709:

Version 10.0.0 and below publication is affected.

Microsoft Windows 10 Version 1903 for 32-bit Systems:

Version 10.0.0 and below publication is affected.

Microsoft Windows 10 Version 1903 for x64-based Systems:

Version 10.0.0 and below publication is affected.

Microsoft Windows 10 Version 1903 for ARM64-based Systems:

Version 10.0.0 and below publication is affected.

Microsoft Windows Server, version 1903 (Server Core installation):

Version 10.0.0 and below publication is affected.

Microsoft Windows 10 Version 1507:

Version 10.0.0 and below publication is affected.

Microsoft Windows 10 Version 1607:

Version 10.0.0 and below publication is affected.

Microsoft Windows Server 2016:

Version 10.0.0 and below publication is affected.

Microsoft Windows Server 2016 (Server Core installation):

Version 10.0.0 and below publication is affected.

Exploit Probability

EPSS

2.24%

Percentile

84.27%