CVE DATABASE / CVE-2019-1069
CVE-2019-1069
Microsoft Task Scheduler Privilege Escalation Vulnerability
Confirmed exploited in the wild. Added 2022-03-15.
Federal remediation due 2022-04-05.
Required action: Apply updates per vendor instructions.
Summary
An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations.
CVSS 3.1 breakdown
| Base score | 7.8 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1069
- https://blog.0patch.com/2019/06/another-task-scheduler-0day-another.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1069
- https://www.kb.cert.org/vuls/id/119704
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1069
Data: NIST NVD + CISA KEV. NVD last modified 2025-10-29. Always verify against the vendor advisory before acting.