CVE-2019-0841

EUVD-2019-1592
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10_1703
*
microsoftwindows_10_1709
*
microsoftwindows_10_1803
*
microsoftwindows_10_1809
*
microsoftwindows_server_2019
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
1703 (x64, x86)
KB4493474
1709 (arm64, x64, x86)
KB4493441
1803 (arm64, x64, x86)
KB4493464
1809 (arm64, x64, x86)
KB4493509
Windows Server
1709 Server Core
KB4493441
1803 Server Core
KB4493464
Windows Server 2019
Server Core
KB4493509
Standard
KB4493509
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/152463/Microsoft-Windows-AppX-Deployment-Service-Privilege-Escalation.html
http://packetstormsecurity.com/files/153009/Internet-Explorer-JavaScript-Privilege-Escalation.html
http://packetstormsecurity.com/files/153114/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/153215/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/153642/AppXSvc-Hard-Link-Privilege-Escalation.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841
https://www.exploit-db.com/exploits/46683/
https://www.zerodayinitiative.com/advisories/ZDI-19-360/
http://packetstormsecurity.com/files/152463/Microsoft-Windows-AppX-Deployment-Service-Privilege-Escalation.html
http://packetstormsecurity.com/files/153009/Internet-Explorer-JavaScript-Privilege-Escalation.html
http://packetstormsecurity.com/files/153114/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/153215/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/153642/AppXSvc-Hard-Link-Privilege-Escalation.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841
https://www.exploit-db.com/exploits/46683/
https://www.zerodayinitiative.com/advisories/ZDI-19-360/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0841