10
CVSSv2

CVE-2019-1182

Published: 14/08/2019 Updated: 19/08/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services? Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1222, CVE-2019-1226.

Vulnerability Trend

Vendor Advisories

Microsoft released four security advisories to disclose four remote code execution vulnerabilities in Remote Desktop Services An unauthenticated attacker connects to the target system using RDP and sends specially crafted requests to exploit the vulnerabilities Successful exploit may cause arbitrary code execution on the target system (Vulnerabi ...

Recent Articles

Microsoft Patch Tuesday – August 2019
Symantec Threat Intelligence Blog • Ratheesh PM • 14 Aug 2019

This month the vendor has patched 93 vulnerabilities, 27 of which are rated Critical.

Posted: 14 Aug, 201926 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – August 2019This month the vendor has patched 93 vulnerabilities, 27 of which are rated Critical.This month Microsoft has patched 93 vulnerabilities, 27 of which are rated Critical.

As always, customers are advised to follow these security best practices:


Install vendor patches as soon ...

This summer's hottest sequels: BlueKeep II, III, IV and V – the latest wormable RDP holes in Microsoft Windows
The Register • Shaun Nichols in San Francisco • 13 Aug 2019

Plus special guest stars Adobe and SAP in this month's security fixes

Patch Tuesday Microsoft, Adobe, and SAP may have just ruined more than a few summer vacation plans, thanks to a massive and critical Patch Tuesday bundle of security fixes this month.
Among the 93 CVE-listed flaws patched this month are four particularly serious remote-code execution bugs in Remote Desktop Services that can be exploited by hackers to take control of vulnerable systems with nothing more than a specially crafted RDP packet. No username and password, or other authentication, ...

Shades of BlueKeep: Wormable Remote Desktop Bugs Top August Patch Tuesday List
Threatpost • Tara Seals • 13 Aug 2019

Microsoft’s August Patch Tuesday release contains updates for 93 CVEs, including 29 that are rated critical in severity. The highest priority of these include four critical remote code-execution (RCE) vulnerabilities in Remote Desktop Services (RDS) and a critical RCE flaw in Microsoft Word.
Also, two of the RDS bugs are wormable, allowing an exploit to self-propagate from PC to PC without user interaction, thus setting the scene for a global, fast-moving infection wave. Microsoft warned...

Microsoft Fixes Critical Windows 10 Wormable Remote Desktop Flaws
BleepingComputer • Sergiu Gatlan • 13 Aug 2019

Microsoft released patches for two new critical remote code execution (RCE) vulnerabilities found in the Remote Desktop Services (RDS) and affecting all in-support versions of Windows.
Users are urged to patch by the Microsoft Security Response Center (MSRC) to patch the newly found Windows security flaws as soon as possible due to the elevated risks associated with wormable vulnerabilities.
The two critical RCE flaws are tracked s CVE-2019-1181 and CVE-2019-1182, and just like "...

Microsoft's August 2019 Patch Tuesday Fixes 96 Vulnerabilities
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Today is Microsoft's August 2019 Patch Tuesday, which means your Windows administrators are hoping they took the day off. So be nice to them!
With the release of the August 2019 security updates, Microsoft has released 2 advisories and updates for 94 vulnerabilities. Of these vulnerabilities, 26 are classified as Critical. 
Included in this month's updates are two new Critical and wormable Remote Desktop Protocol (RDP) vulnerabilities that affect all versions of Windows and coul...

Microsoft's August 2019 Patch Tuesday Fixes 95 Vulnerabilities
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Today is Microsoft's August 2019 Patch Tuesday, which means your Windows administrators are hoping they took the day off. So be nice to them!
With the release of the August 2019 security updates, Microsoft has released 2 advisories and updates for 94 vulnerabilities. Of these vulnerabilities, 26 are classified as Critical. 
Included in this month's updates are two new Critical and wormable Remote Desktop Protocol (RDP) vulnerabilities that affect all versions of Windows and coul...