10
CVSSv2

CVE-2019-1222

Published: 14/08/2019 Updated: 19/08/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services? Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1182, CVE-2019-1226.

Vulnerability Trend

Affected Products

Vendor Product Versions
MicrosoftWindows 101803, 1809, 1903
MicrosoftWindows Server 20161803, 1903
MicrosoftWindows Server 2019-

Vendor Advisories

Microsoft released four security advisories to disclose four remote code execution vulnerabilities in Remote Desktop Services An unauthenticated attacker connects to the target system using RDP and sends specially crafted requests to exploit the vulnerabilities Successful exploit may cause arbitrary code execution on the target system (Vulnerabi ...

Recent Articles

Microsoft Patch Tuesday – August 2019
Symantec Threat Intelligence Blog • Ratheesh PM • 14 Aug 2019

This month the vendor has patched 93 vulnerabilities, 27 of which are rated Critical.

Posted: 14 Aug, 201926 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – August 2019This month the vendor has patched 93 vulnerabilities, 27 of which are rated Critical.This month Microsoft has patched 93 vulnerabilities, 27 of which are rated Critical.

As always, customers are advised to follow these security best practices:


Install vendor patches as soon ...

This summer's hottest sequels: BlueKeep II, III, IV and V – the latest wormable RDP holes in Microsoft Windows
The Register • Shaun Nichols in San Francisco • 13 Aug 2019

Plus special guest stars Adobe and SAP in this month's security fixes

Patch Tuesday Microsoft, Adobe, and SAP may have just ruined more than a few summer vacation plans, thanks to a massive and critical Patch Tuesday bundle of security fixes this month.
Among the 93 CVE-listed flaws patched this month are four particularly serious remote-code execution bugs in Remote Desktop Services that can be exploited by hackers to take control of vulnerable systems with nothing more than a specially crafted RDP packet. No username and password, or other authentication, ...

Shades of BlueKeep: Wormable Remote Desktop Bugs Top August Patch Tuesday List
Threatpost • Tara Seals • 13 Aug 2019

Microsoft’s August Patch Tuesday release contains updates for 93 CVEs, including 29 that are rated critical in severity. The highest priority of these include four critical remote code-execution (RCE) vulnerabilities in Remote Desktop Services (RDS) and a critical RCE flaw in Microsoft Word.
Also, two of the RDS bugs are wormable, allowing an exploit to self-propagate from PC to PC without user interaction, thus setting the scene for a global, fast-moving infection wave. Microsoft warned...