PT-2019-4228 · Microsoft · Windows Appx Deployment Server+1

Kkokkokye

·

Publicado

2019-11-12

·

Atualizado

2025-04-08

·

CVE-2019-1385

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Microsoft Windows AppX Deployment Server (affected versions not specified)
Description The issue is related to insufficient access restrictions in the Windows AppX Deployment Server component, allowing an attacker to elevate their privileges. To exploit this, an authenticated attacker would need to run a specially crafted application. The vulnerability is related to improper privilege management by the Windows AppX Deployment Extensions, resulting in unauthorized access to system files.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

Link Following

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59CWE-269

Identificadores relacionados

BDU:2019-04827
CVE-2019-1385
ZDI-19-979

Produtos afetados

Windows
Windows Appx Deployment Server