CVE-2019-1069

high

Description

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations.

References

https://www.kb.cert.org/vuls/id/119704

https://www.edgescan.com/wp-content/uploads/2024/03/2023-Vulnerability-Statistics-Report.pdf

https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-apache-hugegraph-server-bug/

https://www.tenable.com/blog/contileaks-chats-reveal-over-30-vulnerabilities-used-by-conti-ransomware-affiliates

https://www.tenable.com/blog/tenable-roundup-for-microsofts-june-2019-patch-tuesday

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1069

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1069

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1069

https://blog.0patch.com/2019/06/another-task-scheduler-0day-another.html

Details

Source: Mitre, NVD

Published: 2019-06-12

Updated: 2025-10-29

Named Vulnerability: bearlpeKnown Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.27207