LiveActive security incident?Get immediate response
CVE Record

CVE-2019-1044: Windows Secure Kernel Mode Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory. To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL). The update addresses the vulnerability by correcting how Windows Secure Kernel Mode handles objects in memory to properly enforce VTLs.

MediumCVSS 5.3Not KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2019-1044 is a Windows Secure Kernel Mode bypass. A locally authenticated attacker who can run a crafted application could weaken Virtual Trust Level isolation, reducing protections expected from virtualization-based security. The issue is not described as remotely exploitable, but unpatched Windows 10 1809 and Windows Server 2019 systems remain relevant exposure.

Executive priority

Treat this as a moderate-priority patching issue. It is not sourced as actively exploited and requires local access, but it weakens a core Windows isolation boundary on affected systems. Include it in normal security update compliance, with higher priority for servers and shared workstations.

Technical view

Windows Secure Kernel Mode improperly handles objects in memory, allowing a local authenticated attacker to potentially violate Virtual Trust Levels. The provided CVSS 3.1 score is 5.3 with low complexity, low privileges required, no user interaction, and low confidentiality, integrity, and availability impact. Microsoft states the update corrects memory object handling to enforce VTLs.

Likely exposure

Likely exposure is limited to the listed Microsoft platforms: Windows 10 Version 1809, Windows Server 2019, and Server Core installation variants. Risk depends on whether systems still run affected builds without the Microsoft security update for this CVE.

Exploitation context

The source bundle states exploitation requires local authentication and running a specially crafted application. KEV is false, and no provided source reports active exploitation. The CVSS vector includes E:P, indicating proof-of-concept exploit maturity, but no operational exploitation evidence is included.

Researcher notes

The advisory centers on Secure Kernel Mode memory object handling and VTL enforcement. Sources do not provide deeper root-cause details, affected KB identifiers, exploit mechanics, or observed abuse. Analysis should remain limited to local authenticated security feature bypass on the named Windows versions.

Mitigation direction

  • Apply the Microsoft security update for CVE-2019-1044 to affected Windows systems.
  • Prioritize Windows Server 2019 and shared endpoint environments with local user execution.
  • Check Microsoft guidance for exact update applicability and supersedence.
  • Restrict local code execution paths for non-administrative users where feasible.

Validation and detection

  • Inventory Windows 10 Version 1809 and Windows Server 2019 assets.
  • Confirm affected systems have the relevant Microsoft security update installed.
  • Verify Server Core installations are included in patch compliance reporting.
  • Review endpoint telemetry for unexpected local application execution by low-privilege accounts.
Prepared
Confidence
high
Sources
4

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2019-1044 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
5.3 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
3Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
5.3CVSS 3.1MediumCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C1.83.4Primary CVE score

Vulnerability scoring details

Base CVSS 3.1 score

5.3Medium
CVSS 3.1 vector shape for CVE-2019-1044Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
MicrosoftWindows 10 Version 180910.0.17763.0Listed
MicrosoftWindows 10 Version 180910.0.0Listed
MicrosoftWindows Server 201910.0.17763.0Listed
MicrosoftWindows Server 2019 (Server Core installation)10.0.17763.0Listed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.