CVE-2019-0841
Published: 09 April 2019
Summary
CVE-2019-0841 is a high-severity Link Following (CWE-59) vulnerability in Microsoft Windows 10 1703. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 0.7% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
An elevation of privilege vulnerability tracked as CVE-2019-0841 affects the Windows AppX Deployment Service (AppXSVC), which improperly handles hard links. The flaw is classified under CWE-59 and carries a CVSS 3.1 base score of 7.8, reflecting a local attack vector, low attack complexity, low privileges required, and no user interaction, with impact on confidentiality, integrity, and availability.
A local attacker who already possesses a low-privileged account on an affected Windows system can exploit the hard-link handling issue to escalate privileges to higher levels, potentially obtaining full control over the target machine. Public proof-of-concept code demonstrating this local privilege-escalation path has been posted to Packet Storm in multiple files referencing AppXSVC.
The listed references consist entirely of exploit artifacts rather than vendor advisories or patch guidance, indicating that detailed technical descriptions and working implementations of the attack were made available shortly after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-1592
Vulnerability details
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
- CWE(s)
- KEV Date Added: 15 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- Directly counters the local low-to-high privilege escalation path by restricting accounts to only the privileges required, limiting what an attacker starting with minimal rights can achieve via the AppXSVC hard-link flaw.
- Enforces access-control decisions on file and object operations, blocking the unauthorized elevation that occurs when AppXSVC improperly resolves hard links created by a low-privileged process.
- Requires timely installation of vendor patches that correct the CWE-59 hard-link handling defect inside AppXSVC before an attacker can exploit it.