Vulnerability Description
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 10 1703 | All versions |
| Microsoft | Windows 10 1709 | All versions |
| Microsoft | Windows 10 1803 | All versions |
| Microsoft | Windows 10 1809 | All versions |
| Microsoft | Windows Server 2016 | 1803 |
| Microsoft | Windows Server 2019 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/152463/Microsoft-Windows-AppX-Deployment-SeThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/153009/Internet-Explorer-JavaScript-PrivileThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/153114/Microsoft-Windows-AppX-Deployment-SeThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/153215/Microsoft-Windows-AppX-Deployment-SeThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/153642/AppXSvc-Hard-Link-Privilege-EscalatiExploitThird Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841PatchVendor Advisory
- https://www.exploit-db.com/exploits/46683/ExploitThird Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-19-360/Third Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/152463/Microsoft-Windows-AppX-Deployment-SeThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/153009/Internet-Explorer-JavaScript-PrivileThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/153114/Microsoft-Windows-AppX-Deployment-SeThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/153215/Microsoft-Windows-AppX-Deployment-SeThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/153642/AppXSvc-Hard-Link-Privilege-EscalatiExploitThird Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841PatchVendor Advisory
- https://www.exploit-db.com/exploits/46683/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2019-0841?
CVE-2019-0841 is a vulnerability with a CVSS score of 7.8 (HIGH). An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique f...
How severe is CVE-2019-0841?
CVE-2019-0841 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-0841?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 10 1703, Microsoft Windows 10 1709, Microsoft Windows 10 1803, Microsoft Windows 10 1809, Microsoft Windows Server 2016.