Exploitation Summary
CVE-2019-1129 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 15, 2022, with confirmed use in ransomware campaigns.
Description
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130.
References (2)
Core 2
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1129
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1129
Scores
CVSS v3
7.8
EPSS
0.0207
EPSS Percentile
84.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-03-15
VulnCheck KEV
2022-03-15
InTheWild.io
2022-03-15
ENISA EUVD
EUVD-2019-9706
Ransomware Use
Confirmed
CWE
CWE-59
Status
published
Products (8)
microsoft/windows_10_1703
(2 CPE variants)
microsoft/windows_10_1709
(3 CPE variants)
microsoft/windows_10_1803
(3 CPE variants)
microsoft/windows_10_1809
(3 CPE variants)
microsoft/windows_10_1903
(3 CPE variants)
microsoft/windows_server_1803
microsoft/windows_server_1903
microsoft/windows_server_2019
Published
Jul 15, 2019
KEV Added
Mar 15, 2022
Tracked Since
Feb 18, 2026