CVE-2019-1224

high

Description

An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows RDP server initializes memory.

References

https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem

https://www.tenable.com/cyber-exposure/2020-threat-landscape-retrospective

https://www.bleepingcomputer.com/news/security/fbi-warns-of-egregor-ransomware-extorting-businesses-worldwide/

https://www.tenable.com/blog/tenable-roundup-for-microsoft-s-august-2019-patch-tuesday-dejablue

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1224

Details

Source: Mitre, NVD

Published: 2019-08-14

Updated: 2024-05-29

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High