CVE-2019-1385
HIGH KEV RANSOMWAREWindows AppX Deployment Extensions - Privilege Escalation
Title source: llmExploitation Summary
CVE-2019-1385 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 23, 2022, with confirmed use in ransomware campaigns.
Description
An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385
Third Party Advisory x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-19-979/
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1385
Scores
CVSS v3
7.8
EPSS
0.0049
EPSS Percentile
66.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-05-23
VulnCheck KEV
2022-03-24
InTheWild.io
2022-05-23
ENISA EUVD
EUVD-2019-9942
Ransomware Use
Confirmed
CWE
CWE-59
Status
published
Products (6)
microsoft/windows_10_1709
microsoft/windows_10_1803
microsoft/windows_10_1809
microsoft/windows_10_1903
microsoft/windows_server_2016
microsoft/windows_server_2019
Published
Nov 12, 2019
KEV Added
May 23, 2022
Tracked Since
Feb 18, 2026