CVE-2019-1222

Name of the Vulnerable Software and Affected Versions Microsoft Windows Remote Desktop Services (affected versions not specified)

Description The issue is caused by errors in checking requests to the Remote Desktop Services (RDS) when connecting via the RDP protocol. Exploitation of this issue may allow a remote attacker to execute arbitrary code on the target system. This can be done without authentication and requires no user interaction. An attacker who successfully exploits this issue could install programs, view, change, or delete data, or create new accounts with full user rights. To exploit this issue, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.