Cyber Resilience

CVE-2019-1069

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoCRansomware-linked

Published: 12 June 2019

Published
12 June 2019
Modified
29 October 2025
KEV Added
15 March 2022
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.3250 97.0th percentile
Risk Priority 55 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2019-1069 is a high-severity Link Following (CWE-59) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 3.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

An elevation of privilege vulnerability exists in the Windows Task Scheduler Service due to improper validation of certain file operations, tracked as CVE-2019-1069 and assigned CWE-59. The flaw affects the service's handling of file operations on affected Windows systems and carries a CVSS 3.1 score of 7.8 reflecting local attack vector, low complexity, and high impact on confidentiality, integrity, and availability.

An attacker with unprivileged code execution on a victim system can exploit the issue to gain elevated privileges. Successful exploitation requires only local access and no user interaction beyond the initial foothold.

Microsoft security updates address the vulnerability by implementing correct validation of file operations. The flaw appears in the CISA Known Exploited Vulnerabilities catalog, indicating confirmed in-the-wild exploitation, and has also been discussed in third-party analyses such as 0patch and CERT/CC coordination pages.

EU & UK References

Vulnerability details

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require…

more

unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations.

CWE(s)
KEV Date Added
15 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
windows 10 1507
all versions
microsoft
windows 10 1607
all versions
microsoft
windows 10 1703
all versions
microsoft
windows 10 1709
all versions
microsoft
windows 10 1803
all versions
microsoft
windows 10 1809
all versions
microsoft
windows 10 1903
all versions
microsoft
windows server 1803
all versions
microsoft
windows server 1903
all versions
microsoft
windows server 2016
all versions
+1 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces correct validation of file operations before granting elevated privileges in the Task Scheduler.

prevent

Requires validation of inputs (file operations) to prevent the improper handling that enables local privilege escalation.

prevent

Mandates timely application of the vendor patch that implements proper file-operation validation in the affected service.

References