CVE-2019-1129
published 2019-07-15
Priority P184 · high · 7.8 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
KEV · ITW · Ransomware
CISA Known Exploited Vulnerability · due 2022-04-05
Exploited in the wild
EPSS: 1.80% (75.7th percentile)
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130.
Affected
47 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1903_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1903_for_x64-based_systems | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
Detection & IOCs (extracted from sources)
- Focus detection on Windows AppX Deployment Service (AppXSVC) improperly handling hard links, which enables elevation of privilege to run processes in an elevated context.
- Monitor for low-privileged users logging on locally and subsequently launching specially crafted applications that interact with AppXSVC hard link handling.
- Flag processes spawned under AppXSVC that exhibit unexpected elevated context, particularly those resulting from hard link manipulation.
- CVE-2019-1129 is distinct from CVE-2019-1130, which covers a separate but related AppXSVC hard link elevation of privilege vulnerability; ensure detections target the correct CVE.
- Microsoft assesses exploitation as 'More Likely' for both latest and older software releases, and the vulnerability has been publicly disclosed, increasing risk of weaponized PoC availability.
- CISA mandated remediation by 2022-04-05 per the Known Exploited Vulnerabilities catalog; unpatched systems should be treated as high priority.
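CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |
| vendor_msrc | — | 7.8 | HIGH | — |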
CISA
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
cisa·2022-03-15·CVSS 7.8
CVE-2019-1129 [HIGH] CWE-59 Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
Vulnerability: Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
Affected: Microsoft Windows
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-1129
Remediation Due Date: 2022-04-05
Microsoft
Windows Elevation of Privilege Vulnerability
vendor_msrc·2019-07-09·CVSS 7.8
CVE-2019-1129 [HIGH] Windows Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The security update addresses the vulnerability by correcting how Windows AppX Deployment Service handles hard links.
Microsoft Windows: Microsoft Windows
Microsoft: Microsoft
Impact: Elevation of Privilege
Exploit Stat
GHSA
GHSA-gxfx-4m5q-qcqf: An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2019-1130 [HIGH] CWE-59 GHSA-gxfx-4m5q-qcqf: An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129.
GHSA
GHSA-jcpw-f7c4-6wr7: An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2019-1129 [HIGH] CWE-59 GHSA-jcpw-f7c4-6wr7: An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130.
VulnCheck
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
vulncheck·2019·CVSS 7.8
CVE-2019-1129 [HIGH] CWE-59 Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Affected: Microsoft Windows
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.tenable.com/blog/contileaks-chats-reveal-over-30-vulnerabilities-used-by-conti-ransomware-affiliates; https://www.securin.io/articles/all-about-conti-ransomware/
Remediation Due: 2022-04-05
No detection rules found.
No public exploits indexed.
Tenable
ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help
blogs_tenable·2022-03-24
Zscaler
Zscaler found Multiple Security Vulnerabilities | 07-10-2019
blogs_zscaler·CVSS 7.8
[HIGH] Zscaler found Multiple Security Vulnerabilities | 07-10-2019
Bugzilla
CVE-2019-11459 evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail()
bugzilla·2019-06-03·CVSS 5.5
CVE-2019-11459 [MEDIUM] CVE-2019-11459 evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail()
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
Reference:
https://gitlab.gnome.org/GNOME/evince/issues/1129
Discussion:
Created evince tracking bugs for this issue:
Affects: fedora-29 [bug 1716298]
---
Created evince tracking bugs for this issue:
Affects: fedora-30 [bug 1716299]
---
Patch:
https://gitlab.gnome.org/GNOME/evince/commit/234f034a4d15cd46dd556f4945f99fbd57ef5f15
---
Statement:
This issue affects the versions of evince as shipped with Re
- 2019-07-15: Published
- 2022-03-15: Added to CISA KEV
- Exploited in the wild