CyberSec.Space Logo
Back to CVE Browser

CVE-2019-0841

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score47.7320%
EPSS Percentile97.32th
PublishedApr 9, 2019
Last ModifiedOct 29, 2025

Vulnerability Description

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.

Affected Platforms (CPE)

πŸ’»
Microsoft

Windows 10 1703

All versions
πŸ’»
Microsoft

Windows 10 1709

All versions
πŸ’»
Microsoft

Windows 10 1803

All versions
πŸ’»
Microsoft

Windows 10 1809

All versions
πŸ’»
Microsoft

Windows Server 2016

= 1803
πŸ’»
Microsoft

Windows Server 2019

All versions

References & Advisories

πŸ”— http://packetstormsecurity.com/files/152463/Microsoft-Windows-AppX-Deployment-Service-Privilege-Escalation.html
πŸ”— http://packetstormsecurity.com/files/153009/Internet-Explorer-JavaScript-Privilege-Escalation.html
πŸ”— http://packetstormsecurity.com/files/153114/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html
πŸ”— http://packetstormsecurity.com/files/153215/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html
πŸ”— http://packetstormsecurity.com/files/153642/AppXSvc-Hard-Link-Privilege-Escalation.html
πŸ”— https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841
πŸ”— https://www.exploit-db.com/exploits/46683/
πŸ”— https://www.zerodayinitiative.com/advisories/ZDI-19-360/

Related Vulnerabilities

CVE-2017-85899.8

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 1...

CVE-2017-117719.8

The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server...

CVE-2017-85439.8

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R...

CVE-2017-118999.8

Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security featu...