A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To exploit this vulnerability, the attacker would need to tamper with the NTLM exchange. The attacker could then modify flags of the NTLM packet without invalidating the signature. The update addresses the vulnerability by hardening NTLM MIC protection on the server-side.
CVE-2019-1040
Score elevated to 9.0 because EPSS predicts 90% probability of exploitation within the next 30 days (top 0.4% of all CVEs). NVD baseline CVSS 5.3 retained for reference. Confidence: see factors.
- Lower severity and no public exploit yet
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 5.3
- EG Score
- 9.0(high)
- EPSS
- 98.7%
- KEV
- Not listed
Published
June 12, 2019
Last Modified
May 20, 2025
References (2)
- secure@microsofthttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1040
- af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1040
All Vendor Advisories
(1)
Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.
Data Freshness Timeline
(refreshed 4× in last 7d / 29× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
- 2026-07-05 02:27 UTCEPSS rescore
- 2026-07-01 15:03 UTCEPSS rescore
- 2026-07-01 15:03 UTCEPSS rescore
- 2026-06-30 23:20 UTCEPSS rescore
- 2026-06-29 14:03 UTCEPSS rescore
- 2026-06-28 04:54 UTCEPSS rescore
- 2026-06-28 04:54 UTCEPSS rescore
- 2026-06-25 13:47 UTCEPSS rescore
- 2026-06-25 13:47 UTCEPSS rescore
- 2026-06-23 21:31 UTCEPSS rescore
- 2026-06-23 21:30 UTCEPSS rescore
- 2026-06-21 14:54 UTCEPSS rescore
- 2026-06-21 14:54 UTCEPSS rescore
- 2026-06-21 01:57 UTCEPSS rescore
- 2026-06-21 01:57 UTCEPSS rescore
- 2026-06-19 19:23 UTCEPSS rescore
- 2026-06-19 19:23 UTCEPSS rescore
- 2026-06-18 17:50 UTCEPSS rescore
- 2026-06-17 17:50 UTCEPSS rescore
- 2026-06-16 17:50 UTCEPSS rescore
- 2026-06-15 17:45 UTCEPSS rescore
- 2026-06-14 23:15 UTCEPSS rescore
- 2026-06-14 23:15 UTCEPSS rescore
- 2026-06-13 22:58 UTCEPSS rescore
- 2026-06-11 13:58 UTCEPSS rescore
Show 14 moreShow fewer
- 2026-06-10 22:16 UTCEPSS rescore
- 2026-06-08 14:15 UTCEPSS rescore
- 2026-06-07 15:23 UTCEPSS rescore
- 2026-06-07 15:23 UTCEPSS rescore
- 2026-06-05 22:45 UTCEPSS rescore
- 2026-06-05 22:45 UTCEPSS rescore
- 2026-06-02 20:11 UTCEPSS rescore
- 2026-06-02 20:11 UTCEPSS rescore
- 2026-05-29 13:42 UTCEPSS rescore
- 2026-05-28 13:43 UTCEPSS rescore
- 2026-05-27 18:26 UTCEG score recompute
- 2026-05-27 18:26 UTCVendor advisory
- 2026-05-27 18:26 UTCGHSA enrichment
- 2026-05-27 13:38 UTCEPSS rescore
Publicly available exploits
(5 references)Working exploit code is in the public domain (5 GitHub PoCs). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
- GitHub PoCQAX-A-Team/dcpwnFirst seen Jan 1, 2021
an impacket-dependent script exploiting CVE-2019-1040
Open source ↗ - Open source ↗GitHub PoCfox-it/cve-2019-1040-scannerFirst seen Jun 24, 2019
- GitHub PoClazaars/UltraRealy_with_CVE-2019-1040First seen Jun 19, 2019
Updated version for the tool UltraRealy with support of the CVE-2019-1040 exploit
Open source ↗ - GitHub PoCRidter/CVE-2019-1040-dcpwnFirst seen Jun 18, 2019
CVE-2019-1040 with Kerberos delegation
Open source ↗ - GitHub PoCRidter/CVE-2019-1040First seen Jun 14, 2019
CVE-2019-1040 with Exchange
Open source ↗
Frequently asked(5)
What is CVE-2019-1040?
When was CVE-2019-1040 disclosed?
Is CVE-2019-1040 actively exploited?
What is the CVSS score of CVE-2019-1040?
How do I remediate CVE-2019-1040?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2019-1040
Is Your Infrastructure Affected by CVE-2019-1040?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.