CVE-2019-1069

HIGH KEV RANSOMWARE

Microsoft Windows 10 1507 - Symlink Following

Title source: rule

Description

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations.

Exploits (2)

nomisec WORKING POC 37 stars

by S3cur3Th1sSh1t · poc

https://github.com/S3cur3Th1sSh1t/SharpPolarBear

View Code ZIP pw:eip

gitlab WORKING POC

by k44sh · poc

https://gitlab.com/k44sh/cve-2019-1069

View Code ZIP pw:eip

References (5)

[Patch, Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1069

[Exploit, Third Party Advisory] https://blog.0patch.com/2019/06/another-task-scheduler-0day-another.html

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1069

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/119704

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1069

Scores

CVSS v3 7.8

EPSS 0.3008

EPSS Percentile 96.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-15

VulnCheck KEV 2021-04-16

InTheWild.io 2021-04-20

ENISA EUVD EUVD-2019-9651

Ransomware Use Confirmed

CWE

CWE-59

Status published

Products (11)

microsoft/windows_10_1507

microsoft/windows_10_1607

microsoft/windows_10_1703

microsoft/windows_10_1709

microsoft/windows_10_1803

microsoft/windows_10_1809

microsoft/windows_10_1903

microsoft/windows_server_1803

microsoft/windows_server_1903

microsoft/windows_server_2016

... and 1 more

Published Jun 12, 2019

KEV Added Mar 15, 2022

Tracked Since Feb 18, 2026