CVE-2019-1385
CVE-2019-1385
In short
A flaw in Windows AppX Deployment Extensions allows an authenticated attacker to run a specially crafted app that gains elevated privileges and unauthorized access to system files. This is serious because it can let someone with basic access take control of sensitive parts of the system.
Technical detail
An elevation of privilege vulnerability in Windows AppX Deployment Extensions due to improper privilege management (CWE-59). An authenticated attacker can execute a malicious application to escalate privileges and access protected system files. The vulnerability requires local execution but no additional user interaction beyond running the crafted app.
Summary generated and translated by AI from the official description.
An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Microsoft · WindowsMicrosoft · Windows 10 Version 1903 for 32-bit SystemsMicrosoft · Windows 10 Version 1903 for ARM64-based SystemsMicrosoft · Windows 10 Version 1903 for x64-based SystemsMicrosoft · Windows ServerMicrosoft · Windows Server, version 1903 (Server Core installation)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →