7.2
CVSSv2

CVE-2019-1064

Published: 12/06/2019 Updated: 14/06/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Windows could allow a local authenticated malicious user to gain elevated privileges on the system, caused by improper handling of hard links by the AppX Deployment Service (AppXSVC). By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

Vulnerability Trend

Affected Products

Vendor Product Versions
MicrosoftWindows 101607, 1703, 1709, 1803, 1809, 1903
MicrosoftWindows Server 2016-, 1803, 1903
MicrosoftWindows Server 2019-

Github Repositories

CVE-2019-1064 - AppXSVC Local Privilege Escalation wwwrythmsticknet/posts/cve-2019-1064/

CVE-2019-1064 - AppXSVC Local Privilege Escalation wwwrythmsticknet/posts/cve-2019-1064/

Recent Articles

Microsoft Patch Tuesday – June 2019
Symantec Threat Intelligence Blog • Himanshu Mehta • 12 Jun 2019

This month the vendor has patched 88 vulnerabilities, 20 of which are rated Critical.

Posted: 12 Jun, 201931 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – June 2019This month the vendor has patched 88 vulnerabilities, 20 of which are rated Critical.As always, customers are advised to follow these security best practices:


Install vendor patches as soon as they are available.
Run all software with the least privileges required while still mainta...

It is with a heavy heart that we must report that your software has bugs and needs patching: Microsoft, Adobe, SAP, Intel emit security fixes
The Register • Shaun Nichols in San Francisco • 11 Jun 2019

And Google drops a zero-day on Windows after deadline miss

Patch Tuesday Microsoft, Adobe, Intel, and SAP have all emitted their latest Patch Tuesday batch of security fixes. Users and admins are encouraged to test and install the updates as soon as humanly possible.
For those running Windows and Windows Server, you'll be interested in as many as 88 CVE-listed flaws that need addressing in Microsoft's products.
According to analysts at the Zero Day Initiative, a priority for admins should be a collection of four elevation-of-privilege vulner...

Microsoft Patches Four Publicly-Known Vulnerabilities
Threatpost • Tom Spring • 11 Jun 2019

Microsoft patched four Windows operating system bugs – all of which are already publicly known or have proof of concept exploits – as part of its June Patch Tuesday security bulletin. Each of the vulnerabilities are rated important and there are no reports of public exploitation for the flaws.
The four bugs are part of a total of 88 vulnerabilities that were patched by Microsoft this month, 21 of which are rated critical, 66 rated important and one moderate.
Raising the most conc...