CVE-2019-1166

A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'.

Published : 2019-10-10 14:15 Updated : 2019-10-15 16:50

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Microsoft Windows 10 - cpe:/o:microsoft:windows_10:-
Microsoft Windows 10 1607 cpe:/o:microsoft:windows_10:1607
Microsoft Windows 10 1703 cpe:/o:microsoft:windows_10:1703
Microsoft Windows 10 1709 cpe:/o:microsoft:windows_10:1709
Microsoft Windows 10 1803 cpe:/o:microsoft:windows_10:1803
Microsoft Windows 10 1809 cpe:/o:microsoft:windows_10:1809
Microsoft Windows 10 1903 cpe:/o:microsoft:windows_10:1903
Microsoft Windows 7 - cpe:/o:microsoft:windows_7:-:sp1
Microsoft Windows 8.1 - cpe:/o:microsoft:windows_8.1:-
Microsoft Windows Rt 8.1 - cpe:/o:microsoft:windows_rt_8.1:-
Microsoft Windows Server 2008 - cpe:/o:microsoft:windows_server_2008:-:sp2
Microsoft Windows Server 2008 r2 cpe:/o:microsoft:windows_server_2008:r2:sp1:~~~~itanium~
Microsoft Windows Server 2008 r2 cpe:/o:microsoft:windows_server_2008:r2:sp1:~~~~x64~
Microsoft Windows Server 2012 - cpe:/o:microsoft:windows_server_2012:-
Microsoft Windows Server 2012 r2 cpe:/o:microsoft:windows_server_2012:r2
Microsoft Windows Server 2016 - cpe:/o:microsoft:windows_server_2016:-
Microsoft Windows Server 2016 1803 cpe:/o:microsoft:windows_server_2016:1803
Microsoft Windows Server 2016 1903 cpe:/o:microsoft:windows_server_2016:1903
Microsoft Windows Server 2019 - cpe:/o:microsoft:windows_server_2019:-
  1. Microsoft (8) Search CVE
    1. Windows 8.1 (1) Search CVE
      1. -
    2. Windows 7 (1) Search CVE
      1. -
    3. Windows Server 2016 (3) Search CVE
      1. -
      2. 1803
      3. 1903
    4. Windows 10 (7) Search CVE
      1. -
      2. 1607
      3. 1703
      4. 1709
      5. 1803
      6. 1809
      7. 1903
    5. Windows Server 2019 (1) Search CVE
      1. -
    6. Windows Rt 8.1 (1) Search CVE
      1. -
    7. Windows Server 2008 (2) Search CVE
      1. -
      2. R2
    8. Windows Server 2012 (2) Search CVE
      1. -
      2. R2

CWE

ID Name Description Links
CWE-287 Improper Authentication When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. CVE

History of changes

Date Event
2019-10-15 16:50
2019-10-10 14:19

New CVE