Remote Desktop Services Remote Code Execution Vulnerability

Stammdaten

Kritikalität
CVE ID
CVE-2019-1226
Aktualisiert am:
2024-05-29T16:51:12.090Z
Veröffentlicht am:
2019-08-14T20:55:05
 

Betroffene Produkte

Hersteller:
Microsoft
Produkt(e):
Windows 10 Version 1803, Windows Server, version 1803 (Server Core Installation), Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1909, Windows Server, version 1909 (Server Core installation)
Betroffene Version:
10.0.0
 

Beschreibung

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.
 

Referenzen

 

NIST-Link:


Copyright © 2024 · All Rights Reserved · https://www.tecxero.com | Impressum