Is CVE-2019-1161 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Forefront Endpoint Protection 2010

CVE-2019-1161

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run…

EPSS: 0.006 (68.8th percentile) — read the EPSS interpretation.

Affected products

Microsoft Forefront Endpoint Protection 2010 — versions N/A
Microsoft Security Essentials — versions N/A
Microsoft System Center 2012 Endpoint Protection — versions N/A
Microsoft System Center 2012 R2 Endpoint Protection — versions N/A
Microsoft System Center Endpoint Protection — versions N/A
Microsoft Windows Defender — versions N/A

Public proof-of-concept exploits

shubham0d/SymBlock

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1161 (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-1161?: CVE-2019-1161 is a vulnerability in Microsoft Forefront Endpoint Protection 2010. Published 2019-08-14.
Is CVE-2019-1161 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.