By zerosday cve bot•April 7, 2023•
cves
CVE-2019-1388: Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability (Pentest Lab Guide)
CVE-2019-1388: Technical Deep-Dive (Auto Refreshed)
Generated on 2026-03-26T22:41:14.941Z. This file is automatically regenerated every 30 minutes by the CVE AI enrichment job using web sources (NVD, MITRE, CISA KEV, GitHub).
Executive Technical Summary
An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
- Context preserved from previous revision: An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'. 1. Use only isolated environments and systems you own or are explicitly authorized to test.
Technical Details
- CVE: CVE-2019-1388
- KEV date added: Unknown
- KEV due date: Not specified
- NVD published: 2019-11-12
- NVD modified: 2025-10-29
- MITRE modified: 2025-10-21
- CVSS base score: 7.8
- CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CVSS exploitability score: 1.8
- CVSS impact score: 5.9
- Attack vector: Local
- Attack complexity: Low
- Privileges required: Low
- User interaction: None
- Scope: Unchanged
- Confidentiality impact: High
- Integrity impact: High
- Availability impact: High
Versions and Products Impacted
- microsoft / windows 10 1507
- microsoft / windows 10 1607
- microsoft / windows 10 1709
- microsoft / windows 10 1803
- microsoft / windows 10 1809
- microsoft / windows 10 1903
- microsoft / windows 7
- microsoft / windows 8.1
- microsoft / windows rt 8.1
- microsoft / windows server 1903
- microsoft / windows server 2008
- microsoft / windows server 2008 (versions: r2)
- microsoft / windows server 2012
- microsoft / windows server 2012 (versions: r2)
- microsoft / windows server 2016
- microsoft / windows server 2016 (versions: 1803)
- microsoft / windows server 2019
- Microsoft / Windows (versions: 7 for 32-bit Systems Service Pack 1, 7 for x64-based Systems Service Pack 1, 8.1 for 32-bit systems, 8.1 for x64-based systems, RT 8.1, 10 for 32-bit Systems, 10 for x64-based Systems, 10 Version 1607 for 32-bit Systems, 10 Version 1607 for x64-based Systems, 10 Version 1709 for 32-bit Systems)
- Microsoft / Windows Server (versions: 2008 R2 for x64-based Systems Service Pack 1 (Core installation), 2008 R2 for Itanium-Based Systems Service Pack 1, 2008 R2 for x64-based Systems Service Pack 1, 2008 for 32-bit Systems Service Pack 2 (Core installation), 2012, 2012 (Core installation), 2012 R2, 2012 R2 (Core installation), 2016, 2016 (Core installation))
- Microsoft / Windows 10 Version 1903 for 32-bit Systems (versions: unspecified)
Weakness Classification
- CWE-269
- Elevation of Privilege
Repositories for Lab Validation (Public Examples)
- Mr-xn/Penetration_Testing_POC | stars: 7287 | updated: 2026-03-26 | https://github.com/Mr-xn/Penetration_Testing_POC
Notes: 渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms - Kiosec/Windows-Exploitation | stars: 18 | updated: 2026-03-26 | https://github.com/Kiosec/Windows-Exploitation
Notes: Audit and pentest methodologies for Windows including internal enumeration, privesc, lateral movement, etc.
People and Organizations Mentioned
- microsoft
- Mr-xn
- Kiosec
Practical Defensive Validation (Authorized Only)
- Use only isolated environments and systems you own or are explicitly authorized to test.
- Snapshot infrastructure before validation and preserve baseline logs (EDR, SIEM, OS, app).
- Use microsoft / windows 10 1507 in isolated VM snapshots (vulnerable vs patched) and compare process tree telemetry before/after updates.
- Validate command-execution prevention policies (AppLocker/WDAC/EDR) with harmless test binaries only.
- Create SIEM detections for suspicious parent-child chains, encoded command usage, and abnormal service creation.
References
- NVD record: https://nvd.nist.gov/vuln/detail/CVE-2019-1388
- MITRE CVE record: https://www.cve.org/CVERecord?id=CVE-2019-1388
- CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- CISA KEV JSON feed: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388
- https://www.zerodayinitiative.com/advisories/ZDI-19-975/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1388
- Repository example: https://github.com/Mr-xn/Penetration_Testing_POC
- Repository example: https://github.com/Kiosec/Windows-Exploitation
This content is for defensive security training and authorized validation only.