7.2
CVSSv2

CVE-2019-0841

Published: 09/04/2019 Updated: 15/04/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 703
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.

Vulnerability Trend

Affected Products

Vendor Product Versions
MicrosoftWindows 101703, 1709, 1803, 1809
MicrosoftWindows Server 20161709, 1803
MicrosoftWindows Server 2019-

Exploits

This vulnerability allows low privileged users to hijack file that are owned by NT AUTHORITY\SYSTEM by overwriting permissions on the targeted file Successful exploitation results in "Full Control" permissions for the low privileged user 1 The exploit first checks if the targeted file exists, if it does it will check its permissions Since we ...

Github Repositories

Recent Articles

Microsoft Patch Tuesday – April 2019
Symantec Threat Intelligence Blog • Himanshu Mehta • 10 Apr 2019

This month the vendor has patched 74 vulnerabilities, 14 of which are rated Critical.

Posted: 10 Apr, 201927 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – April 2019This month the vendor has patched 74 vulnerabilities, 14 of which are rated Critical.As always, customers are advised to follow these security best practices:


Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining ...