CVE-2019-1108
Published 2019-07-15
CVE-2019-1108: An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client…
Priority P180 · medium · 6.5 CVSS 3.0
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Tags: ITW · VulnCheck KEV · Ransomware
Exploited in the wild
EPSS: 10.71% (95.3th percentile)
An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'.
Affected
67 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
Detection & IOCs
- The vulnerability requires an attacker to connect remotely to an affected system and run a specially crafted application — monitor for unexpected or anomalous RDP client connections initiating from untrusted/external sources.
- The vulnerability discloses uninitialized memory via the Windows RDP client — detection focus should be on RDP client-side memory disclosure behavior, not server-side.
- Microsoft rates exploitation as 'More Likely' for both latest and older software releases — prioritize patching and monitoring of RDP client endpoints accordingly.
- The root cause is improper initialization of memory in the Windows RDP client — the fix corrects memory initialization, meaning unpatched clients remain at risk of leaking memory contents to a malicious RDP server.
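CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| vulncheck | | 6.5 | MEDIUM | |
| vendor_msrc | | 6.5 | MEDIUM | |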
Microsoft
Remote Desktop Protocol Client Information Disclosure Vulnerability
vendor_msrc · 2019-07-09 · CVSS 6.5
CVE-2019-1108 [MEDIUM] Remote Desktop Protocol Client Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application.
The security update addresses the vulnerability by correcting how the Windows RDP client initializes memory.
FAQ: How do I get the update for Microsoft Remote Desktop for iOS?
- Tap the Settings Icon
- Tap the iTunes & App Store
- Turn on AUTOMATIC DOWNLOADS for Apps

Alternatively:
- Tap the App Store Icon
- Scroll down to find Microsoft
GHSA
GHSA-c586-jcm8-hv2m: An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protoc
ghsa_unreviewed · 2022-05-24
CVE-2019-1108 [MEDIUM] CWE-200 GHSA-c586-jcm8-hv2m: An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protoc
VulnCheck
Microsoft Windows Exposure of Sensitive Information to an Unauthorized Actor
vulncheck · 2019 · CVSS 6.5
CVE-2019-1108 [MEDIUM] Microsoft Windows Exposure of Sensitive Information to an Unauthorized Actor
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.hhs.gov/sites/default/files/revil-update-tlpwhite.pdf; https://static.tenable.com/marketing/whitepapers/Whitepaper-Ransomware_Ecosystem.pdf
No detection rules found.
No public exploits indexed.
Sentinelone
Egregor
blogs_sentinelone · 2022-11-30
# Egregor Ransomware: In-Depth Analysis, Detection, and Mitigation
## What Is Egregor Ransomware?
Egregor ransomware is part of the Sekhmet malware family that has been active since mid-September 2020. The ransomware operates by hacking into organizations, stealing sensitive user documents, encrypting data, and demanding a ransom to exchange encrypted documents. The Egregor ransomware has been used in several attacks against large organizations, including the French media company Le Monde and the Canadian government.
## What Does Egregor Ransomware Target?
Egregor ransomware targets organizations across all industries, with focus on healthcare, education, financial services, manufacturing and retail industries. Egregor is known to heavily target school districts and higher education in
Zscaler
Zscaler found Multiple Security Vulnerabilities | 07-10-2019
blogs_zscaler · CVSS 7.8
[HIGH] Zscaler found Multiple Security Vulnerabilities | 07-10-2019