DESCRIPTION:
Multiple remote code execution vulnerabilities(CVE-2019-1181、CVE-2019-1182、CVE-2019-1222 and CVE-2019-1226) exist in Microsoft Windows Remote Desktop Services (RDS) – formerly known as Terminal Services.
An unauthenticated attacker could exploit these remote code execution flaws by sending a specially crafted request. These vulnerabilities are pre-authentication and require no user interaction. An attacker who successfully exploited these vulnerabilities could execute arbitrary code on the target system.
AFFECTED RELEASES:
Windows 7
Windows 8.1
Windows 10
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
SOLUTION:
Users and system administrators of affected versions are advised to apply the security updates immediately.
1. CVE-2019-1181 and CVE-2019-1182
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/312890cc-3673-e911-a991-000d3a33a34d
2. CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
3. CVE-2019-1226
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226
REFERENCE:
1. https://thehackernews.com/2019/08/windows-rdp-wormable-flaws.html
2. https://www.ithome.com.tw/news/132413
3. https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/312890cc-3673-e911-a991-000d3a33a34d
4. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
5. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226
6. https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1441