CVE-2019-1385

HIGH severity · CVSS 7.8 · CWE-59 · actively exploited (CISA KEV)

7.8CVSS HIGH ● exploited ⚠ ransomware

🔴 Actively exploited in the wild (CISA Known Exploited Vulnerabilities). ⚠ Known use in ransomware campaigns. Added to KEV 2022-05-23. US federal agencies must patch by 2022-06-13.

Summary

An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.

Impact & exploitability

Attack vectorLocal

Attack complexityLow

Privileges requiredLow

User interactionNone

Confidentiality impactHigh

Integrity impactHigh

Availability impactHigh

Exploit probability (EPSS)0%

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products we track (2)

Windows Server 2016 Windows Server 2019

Recommendation

This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.

Official patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385 ↗

CVE-2019-1385

Summary

Impact & exploitability

Affected products we track (2)

Recommendation

Additional information