Skip to content

SonicWALL - WORMABLE VULNERABILITIES IN WINDOWS REMOTE DESKTOP SERVICES

Microsoft patched new wormable vulnerabilities in Windows Remote desktop Services on August 13th.
Following is the description and coverage:
CVE-2019-1181
A remote code execution vulnerability exists in Remote Desktop formerly known as Terminal Services, when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’.
CVE-2019-1182
A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services ; when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’

CVE-2019-1224 and CVE-2019-1225
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka ‘Remote Desktop Protocol Server Information Disclosure Vulnerability

SonicWall Capture Labs Threat Research Team has analyzed and addressed these vulnerabilities with following signatures.
IPS 14356 : Windows Remote Desktop Services Remote Code Execution (AUG 19) 1
IPS 14357 : Windows Remote Desktop Services Remote Code Execution (AUG 19) 2
IPS 14354 : Remote Desktop Protocol Server Information Disclosure Vulnerability (AUG 19) 1

Previous article SonicWall’s Tiffany Haselhorst Joins 2020 CRN 100 Rising Female Stars List

More SonicWall News Posts

  • Product Security Notice:  SONICWALL SSL-VPN SMA100 Series Vulnerabilities
    December 7, 2023 Esther McNally

    Product Security Notice: SONICWALL SSL-VPN SMA100 Series Vulnerabilities

    SONICWALL SSL-VPN SMA100 version 10.X is affected by multiple vulnerabilities Overview CVE-2023-44221: Post Authentication OS Command Injection Vulnerability (CVSS Score: 7.2) Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege...

    Read now
  • Turn On Your MFA
    November 9, 2023 Esther McNally

    Turn On Your MFA

    With millions of stolen credentials currently up for sale, the time for stronger authentication is now. In “Star Trek: The Next Generation,” Jean-Luc Picard famously said, “It is possible to commit no mistakes and still lose.” This applies to many...

    Read now
  • Password Pro Tips
    November 7, 2023 Esther McNally

    Password Pro Tips

    A solid password is instrumental to keeping your important accounts and information safeguarded. October is typically associated with pumpkin spice lattes, college football, crunching leaves underfoot and ghostly fun, but did you know it’s also Cybersecurity Awareness Month? This is...

    Read now