CVE-2019-1385
Published: 12 November 2019
Summary
CVE-2019-1385 is a high-severity Link Following (CWE-59) vulnerability in Microsoft Windows 10 1709. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 34.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
An elevation of privilege vulnerability exists in the Windows AppX Deployment Extensions when the component improperly performs privilege management, resulting in unauthorized access to system files. The affected software is the AppX Deployment Extensions functionality in Windows, as identified under CVE-2019-1385 with an associated CWE-59 weakness and a CVSS 3.1 base score of 7.8 reflecting local attack vector, low complexity, and high impact on confidentiality, integrity, and availability.
An authenticated attacker can exploit the issue by running a specially crafted application on the target system, which allows elevation of privileges without requiring user interaction beyond the initial execution.
Microsoft security updates address the vulnerability by correcting how AppX Deployment Extensions manages privileges, as detailed in the associated advisory. The flaw is also tracked in CISA's catalog of known exploited vulnerabilities, confirming observed real-world exploitation activity.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-9942
Vulnerability details
An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges, aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.
- CWE(s)
- KEV Date Added: 23 May 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly counters the improper privilege management in AppX Deployment Extensions by enforcing least-privilege assignment so a crafted application cannot elevate to system-file access.
Requires the operating system to enforce access-control decisions on AppX operations, blocking the unauthorized privilege escalation path described in the CVE.
Mandates timely installation of the vendor patch that corrects the AppX privilege-management flaw, eliminating the exploitable condition.