vendor: Windows 10
by: Gabor Seljan
CVSS: 7.8 HIGH
Elevation of Privilege
CWE: 269
Product Name: Windows 10
Affected Version From: 17763.1.amd64fre.rs5_release.180914-1434
Affected Version To: 17763.1.amd64fre.rs5_release.180914-1434
Patch Exists: YES
Related CWE: CVE-2019-1253
CPE: o:microsoft:windows_10:17763.1.amd64fre.rs5_release.180914-1434
Other Scripts: N/A
Platforms Tested: Windows 10 Version 1809 for x64-based Systems
2019

AppXSvc – Arbitrary File Security Descriptor Overwrite (EoP)

An elevation of privilege vulnerability exists when the AppX Deployment Server (AppXSvc) improperly handles file hard links. While researching CVE-2019-0841, originally reported by Nabeel Ahmed, I have found that AppXSvc sometimes opens the settings.dat[.LOGx] files of Microsoft Edge for a restore operation that modifies the security descriptor of the files. Further analysis revealed that the restore operation can be triggered on demand by preventing AppXSvc from accessing the settings.dat[.LOGx] files. This can be achieved by locking the settings.dat[.LOGx] file, resulting in 'Access Denied' and 'Sharing Violation' errors when Edge and AppXSvc are trying to access it. Eventually the restore operation kicks in, and if the settings.dat[.LOGx] file has been replaced with a hard link, AppXSvc will overwrite the security descriptor of the target file. A low-privileged user can leverage this vulnerability to take 'Full Control' of an arbitrary file.
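A defender-side check for the precondition described above, added here as an example and not taken from the advisory or from Microsoft: it walks a directory tree and reports settings.dat[.LOGx] files whose hard link count is greater than one, plus any that cannot be inspected. The function names and the sample tree are hypothetical, the root directory is supplied by the caller, and treating a link count above one as suspicious for these files is an assumption.

```python
import os
import re
import tempfile

# File names taken from the advisory: settings.dat and its .LOGx companions.
SETTINGS_RE = re.compile(r"^settings\.dat(\.LOG\d+)?$", re.IGNORECASE)

def audit_settings_files(root):
    """Return (linked, unreadable): sorted [(relative_path, link_count)] for
    files with more than one hard link, and sorted paths where stat() failed."""
    linked, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not SETTINGS_RE.match(name):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                # Inspect the directory entry itself, never a symlink target.
                st = os.stat(path, follow_symlinks=False)
            except OSError:
                # A file that cannot be inspected is reported, not skipped.
                unreadable.append(rel)
                continue
            if st.st_nlink > 1:
                linked.append((rel, st.st_nlink))
    return sorted(linked), sorted(unreadable)

def build_constructed_profile(base):
    """Constructed sample tree: one ordinary file and one hard-linked .LOG1."""
    settings = os.path.join(base, "profile", "Settings")
    os.makedirs(settings)
    with open(os.path.join(settings, "settings.dat"), "wb") as f:
        f.write(b"constructed")
    other = os.path.join(base, "elsewhere.bin")  # stands in for an unrelated file
    with open(other, "wb") as f:
        f.write(b"constructed")
    os.link(other, os.path.join(settings, "settings.dat.LOG1"))
    return os.path.join(base, "profile")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        linked, unreadable = audit_settings_files(build_constructed_profile(tmp))
        for rel, count in linked:
            print(f"hard link count {count}: {rel}")
        for rel in unreadable:
            print(f"could not stat: {rel}")
```
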

Mitigation:

Microsoft has released a security update to address this vulnerability. Users should apply the necessary updates to their systems.