Microsoft Malware Protection Engine
CVE-2019-1161 — Microsoft Defender Elevation of Privilege Vulnerability
Executive Summary
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability and delete protected files on an affected system once MpSigStub.exe ran again. The update addresses the vulnerability and blocks the arbitrary deletion.
Overview
MS Severity: Important
MS Exploit Status: Not Exploited
MS Exploit Likelihood: Less Likely
EPSS Score: 0.00896 (probability of exploitation in the next 30 days)
EPSS Percentile: 0.54814 percentile, updated 2026-06-20
Affected Products
30 affected products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| Microsoft Forefront Endpoint Protection 2010 | — | Important | Elevation of Privilege | Unknown |
| Microsoft Security Essentials | — | Important | Elevation of Privilege | Unknown |
| Microsoft System Center 2012 Endpoint Protection | — | Important | Elevation of Privilege | Unknown |
| Microsoft System Center 2012 R2 Endpoint Protection | — | Important | Elevation of Privilege | Unknown |
| Microsoft System Center Endpoint Protection | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows 10 for 32-bit Systems | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows 10 for x64-based Systems | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows 10 Version 1607 for 32-bit Systems | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows 10 Version 1607 for x64-based Systems | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows 10 Version 1703 for 32-bit Systems | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows 10 Version 1703 for x64-based Systems | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows 10 Version 1709 for 32-bit Systems | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows 10 Version 1709 for x64-based Systems | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows 7 for 32-bit Systems Service Pack 1 | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows 7 for x64-based Systems Service Pack 1 | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows 8.1 for 32-bit systems | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows 8.1 for x64-based systems | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows RT 8.1 | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows Server 2008 for 32-bit Systems Service Pack 2 | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows Server 2008 for Itanium-Based Systems Service Pack 2 | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows Server 2012 | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows Server 2012 (Server Core installation) | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows Server 2012 R2 | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows Server 2012 R2 (Server Core installation) | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows Server 2016 | — | Important | Elevation of Privilege | Unknown |
| Windows Defender on Windows Server 2016 (Server Core installation) | — | Important | Elevation of Privilege | Unknown |
Patches
1 patch
| Article | Type | Restart |
|---|---|---|
— |
Unknown |
Known Exploits
No known exploits have been linked for this CVE yet. When available, exploit references will be sourced from public repositories and may be unverified, incomplete, or non-functional. Always review code carefully before use in any environment.