CVE-2019-0788
Published 2019-09-11
CVE-2019-0788: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote…
Priority P3 · 56 · high · 8.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS 11.67% (95.5th percentile)
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-1290, CVE-2019-1291.
Affected
59 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
Detection & IOCs
- Vulnerability is triggered when a user connects to a malicious/attacker-controlled RDP server — monitor for outbound RDP client connections to unknown or untrusted servers
- Attacker delivery vectors include social engineering, DNS poisoning, or Man-in-the-Middle (MITM) interception of RDP connections — monitor for DNS anomalies and unexpected RDP redirections
- Compromised legitimate RDP servers hosting malicious code are also a vector — audit trusted RDP server integrity and watch for unexpected code execution post-connection
- Exploitation assessed as 'More Likely' for both latest and older software releases — patch prioritization should be high across all supported Windows versions
- The vulnerability is in the Windows Remote Desktop CLIENT (not the server) — the attack surface is client-side, meaning endpoint RDP client patching is the critical remediation path
- CVE-2019-0788 is distinct from related RDP client RCE CVEs CVE-2019-0787, CVE-2019-1290, and CVE-2019-1291 — all four should be addressed together
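CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_msrc | — | 7.5 | HIGH | — |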
GHSA
ghsa_unreviewed·2022-05-24·CVSS 8.8
CVE-2019-0788 [HIGH] GHSA-3mc8-g687-m3cf: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Clie
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-1290, CVE-2019-1291.
GHSA
ghsa_unreviewed·2022-05-24·CVSS 8.8
CVE-2019-1290 [HIGH] GHSA-57q3-7fwg-5h3g: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Clie
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1291.
GHSA
ghsa_unreviewed·2022-05-24·CVSS 8.8
CVE-2019-1291 [HIGH] GHSA-jgwx-vv8h-22r9: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Clie
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1290.
GHSA
ghsa_unreviewed·2022-05-24·CVSS 8.8
CVE-2019-0787 [HIGH] GHSA-r5xj-829m-j295: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Clie
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0788, CVE-2019-1290, CVE-2019-1291.
Microsoft
vendor_msrc·2019-09-10·CVSS 7.5
CVE-2019-0788 [HIGH] Remote Desktop Client Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server, they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker
No detection rules found.
No public exploits indexed.
Trendmicro
September Patch Tuesday: RDP Vulns and Zero-Days
blogs_trendmicro·2019-09-11·CVSS 8.8
[HIGH] September Patch Tuesday: RDP Vulns and Zero-Days
Exploits & Vulnerabilities
# September Patch Tuesday: RDP Vulns and Zero-Days
Microsoft’s September Patch Tuesday covered a total of 80 CVEs, 17 of which were rated critical.
By: Trend Micro
2019/09/11
Microsoft’s September Patch Tuesday covered 80 CVEs, 17 of which were rated critical, and included patches for Azure DevOps Server, Chakra Scripting engine, and Microsoft SharePoint. Sixty-two were labeled as important and included patches for Microsoft Excel, Microsoft Edge, and Microsoft Exchange. Only one was rated as moderate.
### Remote desktop vulnerabilities
Continuing the trend from last month, several of the critical patches were for Remote Desktop Clients and are CVE-2019-0787, CVE-2019-0788, CVE-2019-1290, and CVE-2019-1291 — all Remote Co
Tenable
Microsoft's September 2019 Patch Tuesday: Tenable Roundup
blogs_tenable·2019-09-10
Qualys
September 2019 Patch Tuesday – 79 Vulns, 17 Critical, Remote Desktop Client, SharePoint, Exploited PrivEsc
blogs_qualys·2019-09-10·CVSS 8.8
[HIGH] September 2019 Patch Tuesday – 79 Vulns, 17 Critical, Remote Desktop Client, SharePoint, Exploited PrivEsc
This month’s Microsoft Patch Tuesday addresses 79 vulnerabilities with 17 of them labeled as Critical. Of the 17 Critical vulns, 8 are for scripting engines and browsers, 4 are for the Remote Desktop Client, and 3 are for SharePoint. In addition, Microsoft has again patched a critical vulnerability in LNK files, along with a vuln in Azure DevOps / TFS. Adobe has also released patches for Flash and Application Manager.
Update: Following Patch Tuesday, Microsoft updated the entries for CVE-2019-1214 and CVE-2019-1215 to remove the “exploited” label.
## Workstation Patches
Scripting Engine, Browser, and LNK patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are
Zscaler
Zscaler found Multiple Security Vulnerabilities | 09-10-2019
blogs_zscaler·CVSS 5.5
[MEDIUM] Zscaler found Multiple Security Vulnerabilities | 09-10-2019
Published: 2019-09-11