Overview
- Description
- An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Known exploits
Data from CISA
- Vulnerability name
- Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability
- Exploit added on
- Mar 15, 2022
- Exploit action due
- Apr 5, 2022
- Required action
- Apply updates per vendor instructions.
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1DD582C-1660-4E6E-81A1-537BD1307A99"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC160B20-3EA0-49A0-A857-4E7A1C2D74E2"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00345596-E9E0-4096-8DC6-0212F4747A13"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E332666-2E03-468E-BC30-299816D6E8ED"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A363CE8F-F399-4B6E-9E7D-349792F95DDB"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37097C39-D588-4018-B94D-5EB87B1E3D5A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_1903:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "530DF8C9-467C-4F4F-9FCA-CDD934BADF3C"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
}
],
"operator": "OR"
}
]
}
]