Trending CVEs for the Week of August 19th, 2019
- Aug 21, 2019
- Michael Tucker
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are 3 more vulnerabilities CVE-2019-1182, CVE-2019-1222 and CVE-2019-1226, can be exploited by unauthenticated, remote attackers to take control of an affected computer system without requiring any user interaction. All 4 vulnerabilities have discovered by Microsoft’s security team this week.
Follow the Microsoft security advisories to implement patch or workaround.