CVE-2019-1222
Published 2019-08-14
CVE-2019-1222: A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to…
critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.
The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1803 | >= 10.0.0 < publication | publication |
| microsoft | windows_10_version_1809 | >= 10.0.0 < publication | publication |
| microsoft | windows_10_version_1903_for_32-bit_systems | >= 10.0.0 < publication | publication |
| microsoft | windows_10_version_1903_for_arm64-based_systems | >= 10.0.0 < publication | publication |
| microsoft | windows_10_version_1903_for_x64-based_systems | >= 10.0.0 < publication | publication |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2019 | >= 10.0.0 < publication | publication |
| msrc | windows_10_version_1803_for_32-bit_systems | — | — |
| msrc | windows_10_version_1803_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1803_for_x64-based_systems | — | — |
| msrc | windows_10_version_1809_for_32-bit_systems | — | — |
| msrc | windows_10_version_1809_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | windows_10_version_1903_for_32-bit_systems | — | — |
| msrc | windows_10_version_1903_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1903_for_x64-based_systems | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_version_1803 | — | — |
| msrc | windows_server_version_1903 | — | — |
GHSA
GHSA-qcg4-w26w-fjv8: A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker conne
ghsa_unreviewed·2022-05-24·CVSS 9.8
CVE-2019-1226 [CRITICAL] GHSA-qcg4-w26w-fjv8: A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker conne
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1182, CVE-2019-1222.
GHSA
GHSA-vw3c-3fmq-qpgq: A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker conne
ghsa_unreviewed·2022-05-24·CVSS 9.8
CVE-2019-1182 [CRITICAL] GHSA-vw3c-3fmq-qpgq: A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker conne
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1222, CVE-2019-1226.
GHSA
GHSA-w8p3-q4q6-xq79: A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker conne
ghsa_unreviewed·2022-05-24·CVSS 9.8
CVE-2019-1181 [CRITICAL] GHSA-w8p3-q4q6-xq79: A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker conne
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1182, CVE-2019-1222, CVE-2019-1226.
GHSA
GHSA-qvf2-39c6-g8rr: A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker conne
ghsa_unreviewed·2022-05-24·CVSS 9.8
CVE-2019-1222 [CRITICAL] GHSA-qvf2-39c6-g8rr: A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker conne
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1182, CVE-2019-1226.
Microsoft
Remote Desktop Services Remote Code Execution Vulnerability
vendor_msrc·2019-08-13·CVSS 9.8
CVE-2019-1222 [CRITICAL] Remote Desktop Services Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.
The update addresses the vulnerability by correcting how R
No detection rules found.
No public exploits indexed.
Tenable
Healthcare Security: Ransomware Plays a Prominent Role in COVID-19 Era Breaches
blogs_tenable·2021-03-10
Tenable
Microsoft’s January 2020 Patch Tuesday Kicks Off the New Year with 49 New CVEs
blogs_tenable·2020-01-14
Tenable
Objects in Mirror Are Closer Than They Appear: Reflecting on the Cybersecurity Threats from 2019
blogs_tenable·2019-12-16
Qualys
August 2019 Patch Tuesday – 93 Vulns, 29 Critical, 7 Remote Desktop Vulns, Hyper-V, DHCP, Adobe vulns
blogs_qualys·2019-08-13·CVSS 9.8
[CRITICAL] August 2019 Patch Tuesday – 93 Vulns, 29 Critical, 7 Remote Desktop Vulns, Hyper-V, DHCP, Adobe vulns
Update Aug 13, 2019: Detect and Patch Windows Remote Desktop Vulnerabilities
This month’s Microsoft Patch Tuesday addresses 93 vulnerabilities with 29 of them labeled as Critical. Of the 29 Critical vulns, 10 are for scripting engines and browsers, 6 for Windows Graphics/Font Library, and 4 are for Office apps. In addition, Microsoft has patched 4 (!) Critical RCEs in Remote Desktop (plus 3 Important), 2 for Hyper-V, 2 in DHCP Client/Server, and one for LNK files. Adobe has also released a large number of patches covering multiple products.
## Workstation Patches
Scripting Engine, Browser, Office, Graphics/Font, and LNK patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user
Talos
Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-08-13·CVSS 9.1
[CRITICAL] Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated "critical," 65 that are considered "important" and one "moderate."
This month’s security update covers security issues in a variety of Microsoft services and software, including certain graphics components, Outlook and the Chakra Scripting Engine. For more on our coverage of these bugs, check out our Snort advisories here, covering all of the new rules we have for this release.
### Critical vulnerabilities
Microsoft disclosed 31 critical vulnerabilities this month, three of which we will highlight below.
CVE-2019-1181 and CVE-2019-1182 are both remote code execution vulnerabilities in Remote De
Tenable
Tenable Roundup for Microsoft’s August 2019 Patch Tuesday: DejaBlue
blogs_tenable·2019-08-13
Qualys
Windows Remote Desktop Vulnerabilities (Seven Monkeys) – How to Detect and Patch
blogs_qualys·2019-08-13·CVSS 9.8
[CRITICAL] Windows Remote Desktop Vulnerabilities (Seven Monkeys) – How to Detect and Patch
In the August 2019 Patch Tuesday release, Microsoft disclosed 7 RDP Vulnerabilities, out of which 4 are labeled as critical and 3 as important. All the critical vulnerabilities exist in Remote Desktop Services – formerly known as Terminal Services – and do not require authentication or user interaction. To exploit the vulnerabilities, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.
The cyber industry has named them as Seven Monkeys pertaining to seven CVEs released. Microsoft has released patches for these vulnerabilities and at least two of these (CVE-2019-1181 & CVE-2019-1182) can be c
Talos
Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-08-13·CVSS 9.8
[CRITICAL] Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated "critical," 65 that are considered "important" and one "moderate."
This month’s security update covers security issues in a variety of Microsoft services and software, including certain graphics components, Outlook and the Chakra Scripting Engine. For more on our coverage of these bugs, check out our Snort advisories here, covering all of the new rules we have for this release.
## Critical vulnerabilities
Microsoft disclosed 31 critical vulnerabilities this month, three of which we will highlight below.
CVE-2
Qualys
August 2019 Patch Tuesday - 93 Vulns, 29 Critical, 7 Remote Desktop Vulns, Hyper-V, DHCP, Adobe vulns | Qualys
blogs_qualys·2019-08-13·CVSS 9.8
[CRITICAL] August 2019 Patch Tuesday - 93 Vulns, 29 Critical, 7 Remote Desktop Vulns, Hyper-V, DHCP, Adobe vulns | Qualys
Update Aug 13, 2019: Detect and Patch Windows Remote Desktop Vulnerabilities
This month’s Microsoft Patch Tuesday addresses 93 vulnerabilities with 29 of them labeled as Critical. Of the 29 Critical vulns, 10 are for scripting engines and browsers, 6 for Windows Graphics/Font Library, and 4 are for Office apps. In addition, Microsoft has patched 4 (!) Critical RCEs in Remote Desktop (plus 3 Important), 2 for Hyper-V, 2 in DHCP Client/Server, and one for LNK files. Adobe has also released a large number of patches covering multiple products.
### Workstation Patches
Scripting Engine, Browser, Office, Graphics/Font, and LNK patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user
Qualys
Windows Remote Desktop Vulnerabilities (Seven Monkeys) – How to Detect and Patch | Qualys
blogs_qualys·2019-08-13·CVSS 9.8
[CRITICAL] Windows Remote Desktop Vulnerabilities (Seven Monkeys) – How to Detect and Patch | Qualys
In the August 2019 Patch Tuesday release, Microsoft disclosed 7 RDP Vulnerabilities, out of which 4 are labeled as critical and 3 as important. All the critical vulnerabilities exist in Remote Desktop Services – formerly known as Terminal Services – and do not require authentication or user interaction. To exploit the vulnerabilities, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.
The cyber industry has named them as Seven Monkeys pertaining to seven CVEs released. Microsoft has released patches for these vulnerabilities and at least two of these (CVE-2019-1181 & CVE-2019-1182)
Bugzilla
CVE-2019-20799 cherokee: multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server
bugzilla·2020-05-25·CVSS 7.5
CVE-2019-20799 [HIGH] CVE-2019-20799 cherokee: multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server
CVE-2019-20799 cherokee: multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server
In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server.
References:
https://github.com/cherokee/webserver/issues/1221
https://github.com/cherokee/webserver/issues/1222
https://github.com/cherokee/webserver/issues/1225
https://github.com/cherokee/webserver/issues/1226
https://logicaltrust.net/blog/2019/11/cherokee.html
Discussion:
Created cherokee tracking bugs for this issue:
Affects: epel-6 [bug 1839862]
Affects: fedora-all [bug 1839861]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red
Bugzilla
CVE-2019-3891 candlepin: credentials exposure through log files
bugzilla·2019-03-28·CVSS 7.8
CVE-2019-3891 [HIGH] CVE-2019-3891 candlepin: credentials exposure through log files
CVE-2019-3891 candlepin: credentials exposure through log files
A vulnerability was found in the way Satellite 6 installer logs the calls to Candlepin's cpdb. The /var/log/candlepin/cpdb.log log file permissions allow a non-privileged user to read credentials information from the log files.
Bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1692703
Discussion:
Mitigation:
Remove world readable permission from /var/log/candlepin/cpdb.log, by executing the following on the console of the machine where Red Hat Satellite is installed, as root:
chmod o-r /var/log/candlepin/cpdb.log
---
Acknowledgments:
Name: Evgeni Golov (Red Hat)
---
This issue has been addressed in the following products:
Red Hat Satellite 6.5 for RHEL 7
Via RHSA-2019:1222 https://access.redhat.com/errata/RH
Bugzilla
CVE-2018-16887 katello: stored XSS in subscriptions and repositories pages
bugzilla·2018-11-01·CVSS 5.4
CVE-2018-16887 [MEDIUM] CVE-2018-16887 katello: stored XSS in subscriptions and repositories pages
CVE-2018-16887 katello: stored XSS in subscriptions and repositories pages
A flaw was found in katello. A stored XSS in the subscriptions and repositories pages due to improper sanitization of the new organization input field.
References:
https://projects.theforeman.org/issues/25182
Upstream Patch:
https://github.com/Katello/katello/pull/7757
https://projects.theforeman.org/projects/katello/repository/revisions/17451c950201bedec9bdd3748e17863b550a6be2
Discussion:
Acknowledgments:
Name: Sanket Jagtap (Red Hat Pune India)
---
Statement:
Red Hat Subscription Asset Manager does not support the Organization Change, and therefore is not affected by this flaw.
---
This issue has been addressed in the following products:
Red Hat Satellite 6.5 for RHEL 7
Via RHSA-2019:1222 https:/
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190819-01-windows-en
https://cert-portal.siemens.com/productcert/pdf/ssa-187667.pdf
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
2019-08-14
Published