Search

Find a vulnerability

Search criteria

    64 vulnerabilities found for windows_10_1703 by microsoft

    CVE-2022-38396 (GCVE-0-2022-38396)

    Vulnerability from nvd – Published: 2023-02-03 16:53 – Updated: 2025-03-25 20:40
    VLAI
    Summary
    HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP Factory Preinstalled Windows 10 20H2 Images Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:54:03.515Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/ie-en/document/ish_7620368-7620413-16"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38396",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-25T20:40:13.058763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T20:40:17.060Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP Factory Preinstalled Windows 10 20H2 Images",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-12T01:45:42.615Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/ie-en/document/ish_7620368-7620413-16"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-38396",
        "datePublished": "2023-02-03T16:53:47.447Z",
        "dateReserved": "2022-08-17T21:59:36.745Z",
        "dateUpdated": "2025-03-25T20:40:17.060Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1315 (GCVE-0-2019-1315)

    Vulnerability from nvd – Published: 2019-10-10 13:28 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:13:30.248Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1315",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:07:47.421401Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-15",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1315"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:29.583Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1315"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-15T00:00:00.000Z",
                "value": "CVE-2019-1315 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka \u0027Windows Error Reporting Manager Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-10T13:28:40.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1315",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka \u0027Windows Error Reporting Manager Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1315",
        "datePublished": "2019-10-10T13:28:40.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:29.583Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1253 (GCVE-0-2019-1253)

    Vulnerability from nvd – Published: 2019-09-11 21:24 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:13:29.559Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1253"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154488/AppXSvc-17763.1.amd64fre.rs5_release.180914-1434-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1253",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:08:58.756098Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-15",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1253"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:30.968Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1253"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-15T00:00:00.000Z",
                "value": "CVE-2019-1253 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-16T17:06:21.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1253"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154488/AppXSvc-17763.1.amd64fre.rs5_release.180914-1434-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1253",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1253",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1253"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154488/AppXSvc-17763.1.amd64fre.rs5_release.180914-1434-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154488/AppXSvc-17763.1.amd64fre.rs5_release.180914-1434-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1253",
        "datePublished": "2019-09-11T21:24:59.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:30.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1215 (GCVE-0-2019-1215)

    Vulnerability from nvd – Published: 2019-09-11 21:24 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:13:29.707Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1215"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1215",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:09:48.885850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1215"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:31.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1215"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2019-1215 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-11T21:24:58.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1215"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1215",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1215",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1215"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1215",
        "datePublished": "2019-09-11T21:24:58.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:31.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1214 (GCVE-0-2019-1214)

    Vulnerability from nvd – Published: 2019-09-11 21:24 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:13:29.129Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1214"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1214",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:10:35.768549Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1214"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:31.259Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1214"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2019-1214 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka \u0027Windows Common Log File System Driver Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-11T21:24:58.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1214"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1214",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka \u0027Windows Common Log File System Driver Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1214",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1214"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1214",
        "datePublished": "2019-09-11T21:24:58.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:31.259Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1130 (GCVE-0-2019-1130)

    Vulnerability from nvd – Published: 2019-07-29 14:13 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Server Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Create a notification for this product.
    Microsoft Windows Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:06:31.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1130"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1130",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:07:17.936419Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-05-23",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1130"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:32.799Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1130"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-05-23T00:00:00.000Z",
                "value": "CVE-2019-1130 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                }
              ]
            },
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1129."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T14:13:22.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1130"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1130",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1129."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1130",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1130"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1130",
        "datePublished": "2019-07-29T14:13:22.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:32.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1129 (GCVE-0-2019-1129)

    Vulnerability from nvd – Published: 2019-07-29 14:13 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:06:31.656Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1129"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1129",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:15:56.335080Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-15",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1129"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:32.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1129"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-15T00:00:00.000Z",
                "value": "CVE-2019-1129 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1130."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T14:13:14.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1129"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1129",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1130."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1129",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1129"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1129",
        "datePublished": "2019-07-29T14:13:14.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:32.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0880 (GCVE-0-2019-0880)

    Vulnerability from nvd – Published: 2019-07-15 18:56 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Server Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Create a notification for this product.
    Microsoft Windows Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:58:59.909Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0880"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0880",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-21T18:56:19.395774Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-05-23",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0880"
                  },
                  "type": "kev"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:34.045Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0880"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-05-23T00:00:00.000Z",
                "value": "CVE-2019-0880 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                }
              ]
            },
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka \u0027Microsoft splwow64 Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-15T18:56:19.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0880"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0880",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka \u0027Microsoft splwow64 Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0880",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0880"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0880",
        "datePublished": "2019-07-15T18:56:19.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:34.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1069 (GCVE-0-2019-1069)

    Vulnerability from nvd – Published: 2019-06-12 13:49 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Title
    Task Scheduler Elevation of Privilege Vulnerability
    Summary
    An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    URL Tags
    https://msrc.microsoft.com/update-guide/vulnerabi… vendor-advisory
    https://www.kb.cert.org/vuls/id/119704 third-party-advisoryx_refsource_CERT-VNx_transferred
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_MISCx_transferred
    https://blog.0patch.com/2019/06/another-task-sche… x_refsource_MISCx_transferred
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1703 Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1803 Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server, version 1803 (Server Core Installation) Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1809 Affected: 10.0.17763.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.17763.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.17763.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1709 for 32-bit Systems Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1709 Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.10240.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.14393.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.14393.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.14393.0 , < publication (custom)
    Create a notification for this product.
    microsoft windows_10 Affected: 1607
    Affected: 1703
    Affected: 1709
    Affected: 1803
        cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
        cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
        cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
        cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
    Create a notification for this product.
    microsoft windows_server_2016 Affected: 1803
    Affected: 1903
        cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
        cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
        cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
    Create a notification for this product.
    microsoft windows_server_2019 Affected: 0 , < * (custom)
        cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2019-06-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:06:31.512Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#119704",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/119704"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1069"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.0patch.com/2019/06/another-task-scheduler-0day-another.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "windows_10",
                "vendor": "microsoft",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1607"
                  },
                  {
                    "status": "affected",
                    "version": "1703"
                  },
                  {
                    "status": "affected",
                    "version": "1709"
                  },
                  {
                    "status": "affected",
                    "version": "1803"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "windows_10",
                "vendor": "microsoft",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1607"
                  },
                  {
                    "status": "affected",
                    "version": "1703"
                  },
                  {
                    "status": "affected",
                    "version": "1709"
                  },
                  {
                    "status": "affected",
                    "version": "1803"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "windows_10",
                "vendor": "microsoft",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1607"
                  },
                  {
                    "status": "affected",
                    "version": "1703"
                  },
                  {
                    "status": "affected",
                    "version": "1709"
                  },
                  {
                    "status": "affected",
                    "version": "1803"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "windows_10",
                "vendor": "microsoft",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1607"
                  },
                  {
                    "status": "affected",
                    "version": "1703"
                  },
                  {
                    "status": "affected",
                    "version": "1709"
                  },
                  {
                    "status": "affected",
                    "version": "1803"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "windows_server_2016",
                "vendor": "microsoft",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1803"
                  },
                  {
                    "status": "affected",
                    "version": "1903"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "windows_server_2016",
                "vendor": "microsoft",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1803"
                  },
                  {
                    "status": "affected",
                    "version": "1903"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "windows_server_2019",
                "vendor": "microsoft",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-15",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1069"
                  },
                  "type": "kev"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1069",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-18T18:07:57.773732Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:34.809Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1069"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-15T00:00:00.000Z",
                "value": "CVE-2019-1069 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1703",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1803",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server, version 1803  (Server Core Installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.17763.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.17763.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.17763.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 1709 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1709",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.10240.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.14393.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.14393.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.14393.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_1803:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.17763.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.17763.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.17763.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.10240.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.14393.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.14393.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.14393.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2019-06-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system.\nTo exploit the vulnerability, an attacker would require unprivileged code execution on a victim system.\nThe security update addresses the vulnerability by correctly validating file operations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-20T17:50:22.287Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Task Scheduler Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1069"
            }
          ],
          "title": "Task Scheduler Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1069",
        "datePublished": "2019-06-12T13:49:41.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:34.809Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1064 (GCVE-0-2019-1064)

    Vulnerability from nvd – Published: 2019-06-12 13:49 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Title
    Windows Elevation of Privilege Vulnerability
    Summary
    An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows AppX Deployment Service handles hard links.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1703 Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1803 Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server, version 1803 (Server Core Installation) Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1809 Affected: 10.0.17763.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.17763.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.17763.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1709 for 32-bit Systems Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1709 Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.14393.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.14393.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.14393.0 , < publication (custom)
    Create a notification for this product.
    Date Public
    2019-06-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:06:31.506Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1064"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1064",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:16:12.418849Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-15",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1064"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:34.956Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1064"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-15T00:00:00.000Z",
                "value": "CVE-2019-1064 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1703",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1803",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server, version 1803  (Server Core Installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.17763.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.17763.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.17763.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 1709 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1709",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.14393.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.14393.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.14393.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_1803:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.17763.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.17763.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.17763.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.14393.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.14393.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.14393.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2019-06-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.\nThe security update addresses the vulnerability by correcting how Windows AppX Deployment Service handles hard links."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-20T17:50:21.074Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Windows Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1064"
            }
          ],
          "title": "Windows Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1064",
        "datePublished": "2019-06-12T13:49:41.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:34.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0903 (GCVE-0-2019-0903)

    Vulnerability from nvd – Published: 2019-05-16 18:17 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:58:59.624Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0903"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0903",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:16:31.232834Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-25",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0903"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:36.743Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0903"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-25T00:00:00.000Z",
                "value": "CVE-2019-0903 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka \u0027GDI+ Remote Code Execution Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-16T18:17:02.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0903"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0903",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka \u0027GDI+ Remote Code Execution Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0903",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0903"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0903",
        "datePublished": "2019-05-16T18:17:02.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:36.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0863 (GCVE-0-2019-0863)

    Vulnerability from nvd – Published: 2019-05-16 18:17 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:58:59.576Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0863"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153008/Angry-Polar-Bear-2-Microsoft-Windows-Error-Reporting-Local-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0863",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:16:56.664280Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0863"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:36.978Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0863"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2019-0863 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka \u0027Windows Error Reporting Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-24T15:06:05.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0863"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153008/Angry-Polar-Bear-2-Microsoft-Windows-Error-Reporting-Local-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0863",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka \u0027Windows Error Reporting Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0863",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0863"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153008/Angry-Polar-Bear-2-Microsoft-Windows-Error-Reporting-Local-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153008/Angry-Polar-Bear-2-Microsoft-Windows-Error-Reporting-Local-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0863",
        "datePublished": "2019-05-16T18:17:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:36.978Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0859 (GCVE-0-2019-0859)

    Vulnerability from nvd – Published: 2019-04-09 20:19 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1709 (Core Installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:58:59.594Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0859",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:17:43.765232Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0859"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:39.450Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0859"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2019-0859 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1709  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-09T20:19:48.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0859",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1709  (Core Installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0859",
        "datePublished": "2019-04-09T20:19:48.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:39.450Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0841 (GCVE-0-2019-0841)

    Vulnerability from nvd – Published: 2019-04-09 20:18 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1709 (Core Installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:58:59.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841"
              },
              {
                "name": "46683",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/46683/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/152463/Microsoft-Windows-AppX-Deployment-Service-Privilege-Escalation.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-360/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153009/Internet-Explorer-JavaScript-Privilege-Escalation.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153114/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153215/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153642/AppXSvc-Hard-Link-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0841",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:18:10.744157Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-15",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0841"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:39.637Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0841"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-15T00:00:00.000Z",
                "value": "CVE-2019-0841 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1709  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-15T16:06:10.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841"
            },
            {
              "name": "46683",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/46683/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/152463/Microsoft-Windows-AppX-Deployment-Service-Privilege-Escalation.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-360/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153009/Internet-Explorer-JavaScript-Privilege-Escalation.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153114/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153215/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153642/AppXSvc-Hard-Link-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0841",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1709  (Core Installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841"
                },
                {
                  "name": "46683",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/46683/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/152463/Microsoft-Windows-AppX-Deployment-Service-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/152463/Microsoft-Windows-AppX-Deployment-Service-Privilege-Escalation.html"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-360/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-360/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153009/Internet-Explorer-JavaScript-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153009/Internet-Explorer-JavaScript-Privilege-Escalation.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153114/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153114/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153215/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153215/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153642/AppXSvc-Hard-Link-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153642/AppXSvc-Hard-Link-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0841",
        "datePublished": "2019-04-09T20:18:32.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:39.637Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0803 (GCVE-0-2019-0803)

    Vulnerability from nvd – Published: 2019-04-09 20:15 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1709 (Core Installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:58:58.494Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0803"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153034/Microsoft-Windows-Win32k-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0803",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:18:31.260433Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0803"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:39.783Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0803"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2019-0803 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1709  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-23T17:06:05.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0803"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153034/Microsoft-Windows-Win32k-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0803",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1709  (Core Installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0803",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0803"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153034/Microsoft-Windows-Win32k-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153034/Microsoft-Windows-Win32k-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0803",
        "datePublished": "2019-04-09T20:15:28.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:39.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38396 (GCVE-0-2022-38396)

    Vulnerability from cvelistv5 – Published: 2023-02-03 16:53 – Updated: 2025-03-25 20:40
    VLAI
    Summary
    HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP Factory Preinstalled Windows 10 20H2 Images Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:54:03.515Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/ie-en/document/ish_7620368-7620413-16"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38396",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-25T20:40:13.058763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T20:40:17.060Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP Factory Preinstalled Windows 10 20H2 Images",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-12T01:45:42.615Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/ie-en/document/ish_7620368-7620413-16"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-38396",
        "datePublished": "2023-02-03T16:53:47.447Z",
        "dateReserved": "2022-08-17T21:59:36.745Z",
        "dateUpdated": "2025-03-25T20:40:17.060Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1315 (GCVE-0-2019-1315)

    Vulnerability from cvelistv5 – Published: 2019-10-10 13:28 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:13:30.248Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1315",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:07:47.421401Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-15",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1315"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:29.583Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1315"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-15T00:00:00.000Z",
                "value": "CVE-2019-1315 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka \u0027Windows Error Reporting Manager Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-10T13:28:40.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1315",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka \u0027Windows Error Reporting Manager Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1315",
        "datePublished": "2019-10-10T13:28:40.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:29.583Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1253 (GCVE-0-2019-1253)

    Vulnerability from cvelistv5 – Published: 2019-09-11 21:24 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:13:29.559Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1253"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154488/AppXSvc-17763.1.amd64fre.rs5_release.180914-1434-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1253",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:08:58.756098Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-15",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1253"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:30.968Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1253"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-15T00:00:00.000Z",
                "value": "CVE-2019-1253 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-16T17:06:21.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1253"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154488/AppXSvc-17763.1.amd64fre.rs5_release.180914-1434-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1253",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1253",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1253"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154488/AppXSvc-17763.1.amd64fre.rs5_release.180914-1434-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154488/AppXSvc-17763.1.amd64fre.rs5_release.180914-1434-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1253",
        "datePublished": "2019-09-11T21:24:59.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:30.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1214 (GCVE-0-2019-1214)

    Vulnerability from cvelistv5 – Published: 2019-09-11 21:24 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:13:29.129Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1214"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1214",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:10:35.768549Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1214"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:31.259Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1214"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2019-1214 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka \u0027Windows Common Log File System Driver Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-11T21:24:58.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1214"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1214",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka \u0027Windows Common Log File System Driver Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1214",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1214"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1214",
        "datePublished": "2019-09-11T21:24:58.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:31.259Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1215 (GCVE-0-2019-1215)

    Vulnerability from cvelistv5 – Published: 2019-09-11 21:24 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:13:29.707Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1215"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1215",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:09:48.885850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1215"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:31.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1215"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2019-1215 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-11T21:24:58.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1215"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1215",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1215",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1215"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1215",
        "datePublished": "2019-09-11T21:24:58.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:31.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1130 (GCVE-0-2019-1130)

    Vulnerability from cvelistv5 – Published: 2019-07-29 14:13 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Server Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Create a notification for this product.
    Microsoft Windows Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:06:31.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1130"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1130",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:07:17.936419Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-05-23",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1130"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:32.799Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1130"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-05-23T00:00:00.000Z",
                "value": "CVE-2019-1130 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                }
              ]
            },
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1129."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T14:13:22.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1130"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1130",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1129."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1130",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1130"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1130",
        "datePublished": "2019-07-29T14:13:22.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:32.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1129 (GCVE-0-2019-1129)

    Vulnerability from cvelistv5 – Published: 2019-07-29 14:13 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:06:31.656Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1129"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1129",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:15:56.335080Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-15",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1129"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:32.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1129"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-15T00:00:00.000Z",
                "value": "CVE-2019-1129 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1130."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T14:13:14.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1129"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1129",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1130."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1129",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1129"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1129",
        "datePublished": "2019-07-29T14:13:14.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:32.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0880 (GCVE-0-2019-0880)

    Vulnerability from cvelistv5 – Published: 2019-07-15 18:56 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Server Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Create a notification for this product.
    Microsoft Windows Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:58:59.909Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0880"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0880",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-21T18:56:19.395774Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-05-23",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0880"
                  },
                  "type": "kev"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:34.045Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0880"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-05-23T00:00:00.000Z",
                "value": "CVE-2019-0880 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                }
              ]
            },
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka \u0027Microsoft splwow64 Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-15T18:56:19.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0880"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0880",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka \u0027Microsoft splwow64 Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0880",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0880"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0880",
        "datePublished": "2019-07-15T18:56:19.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:34.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1069 (GCVE-0-2019-1069)

    Vulnerability from cvelistv5 – Published: 2019-06-12 13:49 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Title
    Task Scheduler Elevation of Privilege Vulnerability
    Summary
    An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    URL Tags
    https://msrc.microsoft.com/update-guide/vulnerabi… vendor-advisory
    https://www.kb.cert.org/vuls/id/119704 third-party-advisoryx_refsource_CERT-VNx_transferred
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_MISCx_transferred
    https://blog.0patch.com/2019/06/another-task-sche… x_refsource_MISCx_transferred
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1703 Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1803 Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server, version 1803 (Server Core Installation) Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1809 Affected: 10.0.17763.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.17763.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.17763.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1709 for 32-bit Systems Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1709 Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1507 Affected: 10.0.10240.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.14393.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.14393.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.14393.0 , < publication (custom)
    Create a notification for this product.
    microsoft windows_10 Affected: 1607
    Affected: 1703
    Affected: 1709
    Affected: 1803
        cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
        cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
        cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
        cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
    Create a notification for this product.
    microsoft windows_server_2016 Affected: 1803
    Affected: 1903
        cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
        cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
        cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
    Create a notification for this product.
    microsoft windows_server_2019 Affected: 0 , < * (custom)
        cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2019-06-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:06:31.512Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#119704",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/119704"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1069"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.0patch.com/2019/06/another-task-scheduler-0day-another.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "windows_10",
                "vendor": "microsoft",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1607"
                  },
                  {
                    "status": "affected",
                    "version": "1703"
                  },
                  {
                    "status": "affected",
                    "version": "1709"
                  },
                  {
                    "status": "affected",
                    "version": "1803"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "windows_10",
                "vendor": "microsoft",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1607"
                  },
                  {
                    "status": "affected",
                    "version": "1703"
                  },
                  {
                    "status": "affected",
                    "version": "1709"
                  },
                  {
                    "status": "affected",
                    "version": "1803"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "windows_10",
                "vendor": "microsoft",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1607"
                  },
                  {
                    "status": "affected",
                    "version": "1703"
                  },
                  {
                    "status": "affected",
                    "version": "1709"
                  },
                  {
                    "status": "affected",
                    "version": "1803"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "windows_10",
                "vendor": "microsoft",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1607"
                  },
                  {
                    "status": "affected",
                    "version": "1703"
                  },
                  {
                    "status": "affected",
                    "version": "1709"
                  },
                  {
                    "status": "affected",
                    "version": "1803"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "windows_server_2016",
                "vendor": "microsoft",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1803"
                  },
                  {
                    "status": "affected",
                    "version": "1903"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
                  "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "windows_server_2016",
                "vendor": "microsoft",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1803"
                  },
                  {
                    "status": "affected",
                    "version": "1903"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "windows_server_2019",
                "vendor": "microsoft",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-15",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1069"
                  },
                  "type": "kev"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1069",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-18T18:07:57.773732Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:34.809Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1069"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-15T00:00:00.000Z",
                "value": "CVE-2019-1069 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1703",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1803",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server, version 1803  (Server Core Installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.17763.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.17763.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.17763.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 1709 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1709",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1507",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.10240.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.14393.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.14393.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.14393.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_1803:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.17763.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.17763.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.17763.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.10240.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.14393.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.14393.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.14393.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2019-06-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system.\nTo exploit the vulnerability, an attacker would require unprivileged code execution on a victim system.\nThe security update addresses the vulnerability by correctly validating file operations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-20T17:50:22.287Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Task Scheduler Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1069"
            }
          ],
          "title": "Task Scheduler Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1069",
        "datePublished": "2019-06-12T13:49:41.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:34.809Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1064 (GCVE-0-2019-1064)

    Vulnerability from cvelistv5 – Published: 2019-06-12 13:49 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Title
    Windows Elevation of Privilege Vulnerability
    Summary
    An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows AppX Deployment Service handles hard links.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows 10 Version 1703 Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1803 Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server, version 1803 (Server Core Installation) Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1809 Affected: 10.0.17763.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server 2019 Affected: 10.0.17763.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.17763.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1709 for 32-bit Systems Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1709 Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: 10.0.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows 10 Version 1607 Affected: 10.0.14393.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server 2016 Affected: 10.0.14393.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.14393.0 , < publication (custom)
    Create a notification for this product.
    Date Public
    2019-06-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:06:31.506Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1064"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1064",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:16:12.418849Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-15",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1064"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:34.956Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1064"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-15T00:00:00.000Z",
                "value": "CVE-2019-1064 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1703",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1803",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server, version 1803  (Server Core Installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.17763.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1809",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.17763.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2019 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.17763.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems"
              ],
              "product": "Windows 10 Version 1709 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems",
                "ARM64-based Systems"
              ],
              "product": "Windows 10 Version 1709",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "32-bit Systems",
                "x64-based Systems"
              ],
              "product": "Windows 10 Version 1607",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.14393.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.14393.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Windows Server 2016 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "10.0.14393.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_1803:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.17763.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.17763.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.17763.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.14393.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.14393.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "10.0.14393.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2019-06-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.\nThe security update addresses the vulnerability by correcting how Windows AppX Deployment Service handles hard links."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-20T17:50:21.074Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Windows Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1064"
            }
          ],
          "title": "Windows Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1064",
        "datePublished": "2019-06-12T13:49:41.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:34.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0903 (GCVE-0-2019-0903)

    Vulnerability from cvelistv5 – Published: 2019-05-16 18:17 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:58:59.624Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0903"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0903",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:16:31.232834Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-25",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0903"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:36.743Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0903"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-25T00:00:00.000Z",
                "value": "CVE-2019-0903 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka \u0027GDI+ Remote Code Execution Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-16T18:17:02.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0903"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0903",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka \u0027GDI+ Remote Code Execution Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0903",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0903"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0903",
        "datePublished": "2019-05-16T18:17:02.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:36.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0863 (GCVE-0-2019-0863)

    Vulnerability from cvelistv5 – Published: 2019-05-16 18:17 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for 32-bit Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for x64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows 10 Version 1903 for ARM64-based Systems Affected: unspecified
    Create a notification for this product.
    Microsoft Windows Server, version 1903 (Server Core installation) Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:58:59.576Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0863"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153008/Angry-Polar-Bear-2-Microsoft-Windows-Error-Reporting-Local-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0863",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:16:56.664280Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0863"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:36.978Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0863"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2019-0863 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for 32-bit Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for x64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows 10 Version 1903 for ARM64-based Systems",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Windows Server, version 1903 (Server Core installation)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka \u0027Windows Error Reporting Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-24T15:06:05.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0863"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153008/Angry-Polar-Bear-2-Microsoft-Windows-Error-Reporting-Local-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0863",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for x64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server, version 1903 (Server Core installation)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka \u0027Windows Error Reporting Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0863",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0863"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153008/Angry-Polar-Bear-2-Microsoft-Windows-Error-Reporting-Local-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153008/Angry-Polar-Bear-2-Microsoft-Windows-Error-Reporting-Local-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0863",
        "datePublished": "2019-05-16T18:17:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:36.978Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0859 (GCVE-0-2019-0859)

    Vulnerability from cvelistv5 – Published: 2019-04-09 20:19 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1709 (Core Installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:58:59.594Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0859",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:17:43.765232Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0859"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:39.450Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0859"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2019-0859 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1709  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-09T20:19:48.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0859",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1709  (Core Installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0859",
        "datePublished": "2019-04-09T20:19:48.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:39.450Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0841 (GCVE-0-2019-0841)

    Vulnerability from cvelistv5 – Published: 2019-04-09 20:18 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: version 1709 (Core Installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:58:59.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841"
              },
              {
                "name": "46683",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/46683/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/152463/Microsoft-Windows-AppX-Deployment-Service-Privilege-Escalation.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-360/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153009/Internet-Explorer-JavaScript-Privilege-Escalation.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153114/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153215/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153642/AppXSvc-Hard-Link-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0841",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:18:10.744157Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-15",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0841"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-59",
                    "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:39.637Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0841"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-15T00:00:00.000Z",
                "value": "CVE-2019-0841 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1709  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-15T16:06:10.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841"
            },
            {
              "name": "46683",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/46683/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/152463/Microsoft-Windows-AppX-Deployment-Service-Privilege-Escalation.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-360/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153009/Internet-Explorer-JavaScript-Privilege-Escalation.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153114/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153215/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153642/AppXSvc-Hard-Link-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0841",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 1709  (Core Installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka \u0027Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841"
                },
                {
                  "name": "46683",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/46683/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/152463/Microsoft-Windows-AppX-Deployment-Service-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/152463/Microsoft-Windows-AppX-Deployment-Service-Privilege-Escalation.html"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-360/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-360/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153009/Internet-Explorer-JavaScript-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153009/Internet-Explorer-JavaScript-Privilege-Escalation.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153114/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153114/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153215/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153215/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153642/AppXSvc-Hard-Link-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153642/AppXSvc-Hard-Link-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0841",
        "datePublished": "2019-04-09T20:18:32.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:39.637Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0803 (GCVE-0-2019-0803)

    Vulnerability from cvelistv5 – Published: 2019-04-09 20:15 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Windows Affected: 7 for 32-bit Systems Service Pack 1
    Affected: 7 for x64-based Systems Service Pack 1
    Affected: 8.1 for 32-bit systems
    Affected: 8.1 for x64-based systems
    Affected: RT 8.1
    Affected: 10 for 32-bit Systems
    Affected: 10 for x64-based Systems
    Affected: 10 Version 1607 for 32-bit Systems
    Affected: 10 Version 1607 for x64-based Systems
    Affected: 10 Version 1703 for 32-bit Systems
    Affected: 10 Version 1703 for x64-based Systems
    Affected: 10 Version 1709 for 32-bit Systems
    Affected: 10 Version 1709 for x64-based Systems
    Affected: 10 Version 1803 for 32-bit Systems
    Affected: 10 Version 1803 for x64-based Systems
    Affected: 10 Version 1803 for ARM64-based Systems
    Affected: 10 Version 1809 for 32-bit Systems
    Affected: 10 Version 1809 for x64-based Systems
    Affected: 10 Version 1809 for ARM64-based Systems
    Affected: 10 Version 1709 for ARM64-based Systems
    Create a notification for this product.
    Microsoft Windows Server Affected: 2008 R2 for x64-based Systems Service Pack 1 (Core installation)
    Affected: 2008 R2 for Itanium-Based Systems Service Pack 1
    Affected: 2008 R2 for x64-based Systems Service Pack 1
    Affected: 2008 for 32-bit Systems Service Pack 2 (Core installation)
    Affected: 2012
    Affected: 2012 (Core installation)
    Affected: 2012 R2
    Affected: 2012 R2 (Core installation)
    Affected: 2016
    Affected: 2016 (Core installation)
    Affected: version 1709 (Core Installation)
    Affected: version 1803 (Core Installation)
    Affected: 2019
    Affected: 2019 (Core installation)
    Affected: 2008 for Itanium-Based Systems Service Pack 2
    Affected: 2008 for 32-bit Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2
    Affected: 2008 for x64-based Systems Service Pack 2 (Core installation)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:58:58.494Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0803"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153034/Microsoft-Windows-Win32k-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0803",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:18:31.260433Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0803"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:39.783Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0803"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2019-0803 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "7 for 32-bit Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "7 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "8.1 for 32-bit systems"
                },
                {
                  "status": "affected",
                  "version": "8.1 for x64-based systems"
                },
                {
                  "status": "affected",
                  "version": "RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "10 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1607 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1703 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1803 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for x64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1809 for ARM64-based Systems"
                },
                {
                  "status": "affected",
                  "version": "10 Version 1709 for ARM64-based Systems"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for Itanium-Based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 R2 for x64-based Systems Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012"
                },
                {
                  "status": "affected",
                  "version": "2012 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2012 R2"
                },
                {
                  "status": "affected",
                  "version": "2012 R2 (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2016"
                },
                {
                  "status": "affected",
                  "version": "2016  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1709  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "version 1803  (Core Installation)"
                },
                {
                  "status": "affected",
                  "version": "2019"
                },
                {
                  "status": "affected",
                  "version": "2019  (Core installation)"
                },
                {
                  "status": "affected",
                  "version": "2008 for Itanium-Based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for 32-bit Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-23T17:06:05.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0803"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153034/Microsoft-Windows-Win32k-Privilege-Escalation.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0803",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7 for 32-bit Systems Service Pack 1"
                              },
                              {
                                "version_value": "7 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "8.1 for 32-bit systems"
                              },
                              {
                                "version_value": "8.1 for x64-based systems"
                              },
                              {
                                "version_value": "RT 8.1"
                              },
                              {
                                "version_value": "10 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1607 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1703 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1803 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for 32-bit Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for x64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1809 for ARM64-based Systems"
                              },
                              {
                                "version_value": "10 Version 1709 for ARM64-based Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
                              },
                              {
                                "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 R2 for x64-based Systems Service Pack 1"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
                              },
                              {
                                "version_value": "2012"
                              },
                              {
                                "version_value": "2012 (Core installation)"
                              },
                              {
                                "version_value": "2012 R2"
                              },
                              {
                                "version_value": "2012 R2 (Core installation)"
                              },
                              {
                                "version_value": "2016"
                              },
                              {
                                "version_value": "2016  (Core installation)"
                              },
                              {
                                "version_value": "version 1709  (Core Installation)"
                              },
                              {
                                "version_value": "version 1803  (Core Installation)"
                              },
                              {
                                "version_value": "2019"
                              },
                              {
                                "version_value": "2019  (Core installation)"
                              },
                              {
                                "version_value": "2008 for Itanium-Based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for 32-bit Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2"
                              },
                              {
                                "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0803",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0803"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153034/Microsoft-Windows-Win32k-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153034/Microsoft-Windows-Win32k-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0803",
        "datePublished": "2019-04-09T20:15:28.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:39.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }