⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-04-05.

CVE-2019-1069Link Following in Microsoft Windows 10 Version 1507

CWE-59Link Following7 documents7 sources
Severity
7.8HIGHNVD
EPSS
30.1%
top 3.33%
CISA KEV
KEVRansomware
Added 2022-03-15
Due 2022-04-05
Exploit
Exploited in wild
Active exploitation observed
Affected products
12
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1703+9 more
Timeline
PublishedJun 12
KEV addedMar 15
KEV dueApr 5
Latest updateMay 24
CISA Required Action: Apply updates per vendor instructions.

Description

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages12 packages

CVEListV5microsoft/windows_server_201610.0.14393.0publication

Patches

Patch: msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-gf8w-3v8h-w6hr: An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka 'Task Scheduler Elevation2022-05-24
CVEList
Task Scheduler Elevation of Privilege Vulnerability2019-06-12
VulnCheck
Microsoft Task Scheduler Privilege Escalation Vulnerability2019

📋Vendor Advisories

2
CISA
Microsoft Task Scheduler Privilege Escalation Vulnerability2022-03-15
Microsoft
Task Scheduler Elevation of Privilege Vulnerability2019-06-11
CVE-2019-1069 — Link Following in Microsoft | cvebase