Privilege escalation in Microsoft Windows AppX Deployment Server

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU17997

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-0766

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an error within the Windows AppX Deployment Server that allows users to create files in arbitrary locations on the system. A local user can use a specially crafted application to create files in arbitrary locations.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows Server: 2016 10.0.14393.10 - 2019 1803

Windows: 10 1607 10.0.14393.10 - 10 1809 10.0.17763.1

CPE2.3

• cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.10:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2019:10.0.17763.1:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2019_1709:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2019_1803:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.10:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10_1703:10.0.15063.138:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10_1709:10.0.16299.19:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10_1803:10.0.17134.48:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:10_1809:10.0.17763.1:*:*:*:*:*:*

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0766

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.