cbcvebase.
CVE-2019-1108
published 2019-07-15


Priority: P180 · medium · 6.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Tags: ITW · VulnCheck KEV · Ransomware
Exploited in the wild
EPSS: 10.71% (95.3th percentile)
An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'.

Affected

67 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10

Detection & IOCs (extracted from sources)

  • The vulnerability requires an attacker to connect remotely to an affected system and run a specially crafted application — monitor for unexpected or anomalous RDP client connections initiating from untrusted/external sources.
  • The vulnerability discloses uninitialized memory via the Windows RDP client — detection focus should be on RDP client-side memory disclosure behavior, not server-side.
  • Microsoft rates exploitation as 'More Likely' for both latest and older software releases — prioritize patching and monitoring of RDP client endpoints accordingly.
  • The root cause is improper initialization of memory in the Windows RDP client. The fix corrects memory initialization, meaning unpatched clients remain at risk of leaking memory contents to a malicious RDP server.

CVSS provenance

nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N
vulncheck | 6.5 | MEDIUM
vendor_msrc | 6.5 | MEDIUM