CVE-2019-1222 — Microsoft Windows 10 Version 1903 FOR 32-bit Systems vulnerability
20 documents8 sources
Severity
9.8CRITICALNVD
EPSS
19.3%
top 4.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 14
Latest updateMay 24
Description
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages8 packages
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-qcg4-w26w-fjv8: A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker conne↗2022-05-24
GHSA▶
GHSA-vw3c-3fmq-qpgq: A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker conne↗2022-05-24
GHSA▶
GHSA-w8p3-q4q6-xq79: A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker conne↗2022-05-24
GHSA▶
GHSA-qvf2-39c6-g8rr: A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker conne↗2022-05-24
📋Vendor Advisories
1🕵️Threat Intelligence
10💬Community
3Bugzilla▶
CVE-2019-20799 cherokee: multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server↗2020-05-25