⚠ Exploited in the wild

Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2019-1225 — Sensitive Information Exposure in Microsoft Windows 10 Version 1803

CWE-200 — Sensitive Information Exposure17 documents11 sources

Severity

7.5HIGHNVD

EPSS

5.0%

top 10.32%

CISA KEV

Not in KEV

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows 10 Version 1803 Microsoft Windows 10 Version 1809 Microsoft Windows 10 Version 1903 FOR 32-bit Systems +23 more

Timeline

PublishedAug 14

Latest updateMar 7

Description

An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows RDP server initializes memory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages26 packages

▶CVEListV5microsoft/windows_server_201910.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_32-bit_systems10.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_x64-based_systems10.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_arm64-based_systems10.0.0 — publication

▶msrcmsrc/windows_server_2019

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-4522-qq94-2q92: An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka 'Remote Desktop Protoc↗2022-05-24

▶

GHSA

GHSA-36vx-qm6w-f394: An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka 'Remote Desktop Protoc↗2022-05-24

▶

VulnCheck

Microsoft Windows Exposure of Sensitive Information to an Unauthorized Actor↗2019

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2023-1225↗2023-03-07

▶

Microsoft

Remote Desktop Protocol Server Information Disclosure Vulnerability↗2019-08-13

▶

🕵️Threat Intelligence

Sentinelone

Egregor↗2022-11-30

▶

Qualys

August 2019 Patch Tuesday – 93 Vulns, 29 Critical, 7 Remote Desktop Vulns, Hyper-V, DHCP, Adobe vulns↗2019-08-13

▶

Talos

Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage↗2019-08-13

▶

Tenable

Tenable Roundup for Microsoft’s August 2019 Patch Tuesday: DejaBlue↗2019-08-13

▶

Qualys

Windows Remote Desktop Vulnerabilities (Seven Monkeys) – How to Detect and Patch↗2019-08-13

▶

💬Community

Bugzilla

CVE-2019-20799 cherokee: multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server↗2020-05-25

▶