Cyber Resilience

CVE-2019-1253

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 11 September 2019
Modified: 29 October 2025
KEV Added: 15 March 2022
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2773 (96.6th percentile)
Risk Priority: 52 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2019-1253 is a high-severity Link Following (CWE-59) vulnerability in Microsoft Windows 10 1709. Its CVSS base score is 7.8 (High).

Operationally, it is ranked in the top 3.4% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

An elevation of privilege vulnerability exists in the Windows AppX Deployment Server when it improperly handles junctions. The flaw, tracked as CVE-2019-1253, affects Windows systems and carries a CVSS 3.1 base score of 7.8. It is distinct from the related issues CVE-2019-1215, CVE-2019-1278, and CVE-2019-1303.

An attacker who has already obtained code execution on a victim system can exploit the weakness to escalate privileges. Successful exploitation grants the attacker full control over confidentiality, integrity, and availability on the affected host without requiring user interaction beyond the initial foothold.

Microsoft's security advisory and the CISA Known Exploited Vulnerabilities catalog address the issue, indicating that patches are available through standard Windows update channels. Public exploit code has been published, and the KEV listing indicates that the vulnerability has been exploited in the wild.

EU & UK References

Vulnerability details

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303.

CWE(s): CWE-59 (Link Following)
KEV Date Added: 15 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft · windows 10 1703 · all versions
microsoft · windows 10 1709 · all versions
microsoft · windows 10 1803 · all versions
microsoft · windows 10 1809 · all versions
microsoft · windows 10 1903 · all versions
microsoft · windows server 1803 · all versions
microsoft · windows server 1903 · all versions
microsoft · windows server 2019 · all versions

Mitigating Controls (NIST 800-53 r5)

prevent: Directly requires timely application of the vendor patch that corrects the AppX Deployment Server's improper junction handling.

prevent: Limits the privileges available to any initial code execution, thereby blocking or reducing the impact of the subsequent EoP.

prevent: Enforces access-control decisions on file-system objects so that malicious junctions cannot be used to elevate rights.

References