CVE-2019-1130
HIGH KEV RANSOMWAREWindows AppX Deployment Service - Privilege Escalation
Title source: llmExploitation Summary
CVE-2019-1130 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 23, 2022, with confirmed use in ransomware campaigns.
Description
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129.
References (2)
Core 2
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1130
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1130
Scores
CVSS v3
7.8
EPSS
0.0194
EPSS Percentile
83.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-05-23
VulnCheck KEV
2022-03-24
InTheWild.io
2019-07-16
ENISA EUVD
EUVD-2019-9707
Ransomware Use
Confirmed
CWE
CWE-59
Status
published
Products (15)
microsoft/windows_10_1507
(2 CPE variants)
microsoft/windows_10_1607
(2 CPE variants)
microsoft/windows_10_1703
(2 CPE variants)
microsoft/windows_10_1709
(3 CPE variants)
microsoft/windows_10_1803
(3 CPE variants)
microsoft/windows_10_1809
(3 CPE variants)
microsoft/windows_10_1903
(3 CPE variants)
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_1803
... and 5 more
Published
Jul 15, 2019
KEV Added
May 23, 2022
Tracked Since
Feb 18, 2026