CVE-2019-1385

Known Exploited (CISA KEV)HIGH

7.8

CVSS Severity Score

EPSS Score78.0450%

EPSS Percentile86.74th

PublishedNov 12, 2019

Last ModifiedOct 29, 2025

Vulnerability Description

An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.

Affected Platforms (CPE)

💻

Microsoft

Windows 10 1709

All versions

💻

Microsoft

Windows 10 1803

All versions

💻

Microsoft

Windows 10 1809

All versions

💻

Microsoft

Windows 10 1903

All versions

💻

Microsoft

Windows Server 2016

All versions

💻

Microsoft

Windows Server 2019

All versions

References & Advisories

🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385

🔗 https://www.zerodayinitiative.com/advisories/ZDI-19-979/

🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385

🔗 https://www.zerodayinitiative.com/advisories/ZDI-19-979/

🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1385

Vulnerability Description

Affected Platforms (CPE)

Windows 10 1709

Windows 10 1803

Windows 10 1809

Windows 10 1903

Windows Server 2016

Windows Server 2019

References & Advisories

Related Vulnerabilities