Cyber Resilience

CVE-2019-1385

High · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 12 November 2019

Modified: 29 October 2025
KEV Added: 23 May 2022
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0049 (66.0th percentile)
Risk Priority: 36 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2019-1385 is a high-severity Link Following (CWE-59) vulnerability in Microsoft Windows 10 1709. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 34.0% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

An elevation of privilege vulnerability exists in the Windows AppX Deployment Extensions when the component improperly performs privilege management, resulting in unauthorized access to system files. The affected software is the AppX Deployment Extensions functionality in Windows, as identified under CVE-2019-1385 with an associated CWE-59 weakness and a CVSS 3.1 base score of 7.8 reflecting local attack vector, low complexity, and high impact on confidentiality, integrity, and availability.

An authenticated attacker can exploit the issue by running a specially crafted application on the target system, which allows elevation of privileges without requiring user interaction beyond the initial execution.

Microsoft security updates address the vulnerability by correcting how AppX Deployment Extensions manages privileges, as detailed in the associated advisory. The flaw is also tracked in CISA's catalog of known exploited vulnerabilities, confirming observed real-world exploitation activity.

Vulnerability details

An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges, aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.

CWE(s)
KEV Date Added: 23 May 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft · windows 10 1709 · all versions
microsoft · windows 10 1803 · all versions
microsoft · windows 10 1809 · all versions
microsoft · windows 10 1903 · all versions
microsoft · windows server 2016 · all versions
microsoft · windows server 2019 · all versions

Mitigating Controls (NIST 800-53 r5)

prevent

Directly counters the improper privilege management in AppX Deployment Extensions by enforcing least-privilege assignment so a crafted application cannot elevate to system-file access.

prevent

Requires the operating system to enforce access-control decisions on AppX operations, blocking the unauthorized privilege escalation path described in the CVE.

prevent

Mandates timely installation of the vendor patch that corrects the AppX privilege-management flaw, eliminating the exploitable condition.

References