Attacker Value
(1 user assessed)
(1 user assessed)
User Interaction
Privileges Required
Attack Vector


Add MITRE ATT&CK tactics and techniques that apply to this CVE.


Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability.

Add Assessment

Technical Analysis

This appears to be a bug in Windows Event Tracing which is a kernel level tracing facility in Windows that allows you to log kernel events or application defined events to a log file. The bug occurs due to something related to Discretionary Access Control Lists or DACLS for short. DACLs in Windows are an access control mechanism made up of a bunch of ACE, or Access Control Entries, put together into a list. Note however that if a DACL does not exist on an object, everyone is allowed access to it and if a DACL is set on an object but not ACE entries are added to the DACL, no one is allowed access to it.

My guess is that somehow it is possible to create a DACL on a specific file or object as any authenticated user that does not have any ACE entries associated with it and thereby cause a component to stop working completely due to its need to access that file. Adding to the fact that this only causes a DoS, is the fact that this bug supposedly only works on Windows 10 1809 and Windows Server 2019, which further limits its impact.

Overall a pretty low impact bug in my opinion.

General Information


  • Microsoft


  • Windows,
  • Windows Server

Additional Info

Technical Analysis