{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-03T00:44:08.233","vulnerabilities":[{"cve":{"id":"CVE-2019-1385","sourceIdentifier":"secure@microsoft.com","published":"2019-11-12T19:15:12.503","lastModified":"2025-10-29T14:34:16.610","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'."},{"lang":"es","value":"Se presenta una vulnerabilidad de elevación de privilegios cuando el Windows AppX Deployment Extensions realiza una gestión de privilegios inapropiada, resultando en un acceso a los archivos del sistema. Para explotar esta vulnerabilidad, un atacante autenticado necesitaría ejecutar una aplicación especialmente diseñada para elevar los privilegios. La actualización de seguridad aborda la vulnerabilidad corrigiendo cómo AppX Deployment Extensions gestiona los privilegios, también se conoce como \"Windows AppX Deployment Extensions Elevation of Privilege Vulnerability\"."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:C","baseScore":6.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":8.5,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"cisaExploitAdd":"2022-05-23","cisaActionDue":"2022-06-13","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"Microsoft Windows AppX Deployment Extensions Privilege Escalation Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-59"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:*:*","matchCriteriaId":"AC160B20-3EA0-49A0-A857-4E7A1C2D74E2"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*","matchCriteriaId":"00345596-E9E0-4096-8DC6-0212F4747A13"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*","matchCriteriaId":"2E332666-2E03-468E-BC30-299816D6E8ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:*:*","matchCriteriaId":"A363CE8F-F399-4B6E-9E7D-349792F95DDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*","matchCriteriaId":"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*","matchCriteriaId":"DB79EE26-FC32-417D-A49C-A1A63165A968"}]}]}],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-19-979/","source":"secure@microsoft.com","tags":["Third Party Advisory"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-19-979/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1385","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}