CVE-2019-18279
Description
Phoenix SCT WinFlash drivers (versions 1.1.12.0 through 1.5.74.0) allow a malicious Windows application to escalate privileges to kernel level.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Phoenix SCT WinFlash versions 1.1.12.0 through 1.5.74.0 include drivers that provide low-level access to system components for firmware updates and diagnostics. These drivers can be abused by a malicious Windows application to gain elevated privileges. The vulnerability stems from the drivers' ability to perform privileged operations without proper access control, allowing user-mode applications to escalate to kernel-level privileges [1].
Exploitation
An attacker with user-level access to a Windows system can load the vulnerable signed driver and use its functionality to read and write kernel memory or execute privileged commands. No additional authentication or user interaction beyond initial access is required. The attacker must have the ability to load a driver (which is possible with standard user privileges if the driver is already present or can be installed) [1].
Impact
Successful exploitation grants the attacker SYSTEM or kernel-level privileges, enabling full compromise of the Windows environment. This includes the ability to disable security software, install persistent malware, and access sensitive data. There is no known direct impact on UEFI firmware [1].
Mitigation
Phoenix Technologies fixed this vulnerability in late June 2019. Users should update WinFlash to a version later than 1.5.74.0. No workaround is available for unpatched versions. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Phoenix SCT/WinFlash
- Range: >=1.1.12.0 <=1.5.74.0
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/ (mitre, x_refsource_MISC)
- eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf (mitre, x_refsource_MISC)
- www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf (mitre, x_refsource_CONFIRM)