CVE-2019-1289

MEDIUM

Windows 10 and Windows Server 2016/2019 - Elevation of Privilege via Delivery Optimization File Share Permissions

Title source: llm

Description

An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1289

Scores

CVSS v3 5.5

EPSS 0.0068

EPSS Percentile 47.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-863

Status published

Products (11)

microsoft/windows_10

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_10 1903

microsoft/windows_server_2016

microsoft/windows_server_2016 1803

microsoft/windows_server_2016 1903

... and 1 more

Published Sep 11, 2019

Tracked Since Feb 18, 2026