CVE-2019-1181

Summary

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 170310.0.0 < publicationaffected
MicrosoftWindows 10 Version 180310.0.0 < publicationaffected
MicrosoftWindows Server, version 1803 (Server Core Installation)10.0.0 < publicationaffected
MicrosoftWindows 10 Version 180910.0.0 < publicationaffected
MicrosoftWindows Server 201910.0.0 < publicationaffected
MicrosoftWindows Server 2019 (Server Core installation)10.0.0 < publicationaffected
MicrosoftWindows 10 Version 1709 for 32-bit Systems10.0.0 < publicationaffected
MicrosoftWindows 10 Version 170910.0.0 < publicationaffected
MicrosoftWindows 10 Version 1903 for 32-bit Systems10.0.0 < publicationaffected
MicrosoftWindows 10 Version 1903 for x64-based Systems10.0.0 < publicationaffected
MicrosoftWindows 10 Version 1903 for ARM64-based Systems10.0.0 < publicationaffected
MicrosoftWindows Server, version 1903 (Server Core installation)10.0.0 < publicationaffected
MicrosoftWindows 10 Version 150710.0.0 < publicationaffected
MicrosoftWindows 10 Version 160710.0.0 < publicationaffected
MicrosoftWindows Server 201610.0.0 < publicationaffected
MicrosoftWindows Server 2016 (Server Core installation)10.0.0 < publicationaffected
MicrosoftWindows 8.16.3.0 < publicationaffected
MicrosoftWindows Server 20126.2.0 < publicationaffected
MicrosoftWindows Server 2012 (Server Core installation)6.2.0 < publicationaffected
MicrosoftWindows Server 2012 R26.3.0 < publicationaffected
MicrosoftWindows Server 2012 R2 (Server Core installation)6.3.0 < publicationaffected
MicrosoftMicrosoft Remote Desktop for Android0 < publicationaffected
MicrosoftMicrosoft Remote Desktop for IoS1.0.0 < publicationaffected
MicrosoftMicrosoft Remote Desktop for Mac1.0.0 < publicationaffected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References