CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-1385

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score78.0450%
EPSS Percentile86.74th
Published2019年11月12日
Last Modified2025年10月29日

Vulnerability Description

An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.

Affected Platforms (CPE)

💻
Microsoft

Windows 10 1709

All versions
💻
Microsoft

Windows 10 1803

All versions
💻
Microsoft

Windows 10 1809

All versions
💻
Microsoft

Windows 10 1903

All versions
💻
Microsoft

Windows Server 2016

All versions
💻
Microsoft

Windows Server 2019

All versions

References & Advisories

🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385
🔗 https://www.zerodayinitiative.com/advisories/ZDI-19-979/
🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385
🔗 https://www.zerodayinitiative.com/advisories/ZDI-19-979/
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1385

相关漏洞威胁

CVE-2017-118999.8

Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security featu...

CVE-2017-119407.8

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windo...

CVE-2017-118477.8

Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 G...

CVE-2017-119377.8

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windo...