CVE-2019-1181
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.
| Software | From | Fixed in |
|---|---|---|
| microsoft / windows_server_2012 | r2 | r2.x |
| microsoft / windows_10 | 1607 | 1607.x |
| microsoft / windows_server_2008 | --sp2 | --sp2.x |
| microsoft / windows_7 | --sp1 | --sp1.x |
| microsoft / windows_10 | 1703 | 1703.x |
| microsoft / windows_10 | 1709 | 1709.x |
| microsoft / windows_10 | 1803 | 1803.x |
| microsoft / windows_server_2016 | 1803 | 1803.x |
| microsoft / windows_10 | 1809 | 1809.x |
| microsoft / windows_server_2016 | 1903 | 1903.x |
| microsoft / windows_10 | 1903 | 1903.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime