CVE-2019-1130
CVE-2019-1130
In short
Windows AppX Deployment Service fails to properly handle hard links, allowing an attacker with local access to gain higher system privileges. This is a serious flaw because it lets ordinary users escalate their permissions to administrator level.
Technical detail
The vulnerability exists in AppXSVC's hard link handling mechanism (CWE-59: Improper Link Resolution Before File Access), exploitable via local access with minimal privileges. An attacker can manipulate hard links to bypass access controls during file operations, achieving privilege escalation to SYSTEM or administrator context. Successful exploitation requires local code execution capability and knowledge of the vulnerable code path.
Summary generated and translated by AI from the official description.
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Microsoft · WindowsMicrosoft · Windows 10 Version 1903 for 32-bit SystemsMicrosoft · Windows 10 Version 1903 for ARM64-based SystemsMicrosoft · Windows 10 Version 1903 for x64-based SystemsMicrosoft · Windows ServerMicrosoft · Windows Server, version 1903 (Server Core installation)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →