CVE-2019-1226

Name of the Vulnerable Software and Affected Versions Remote Desktop Services (affected versions not specified)

Description A remote code execution issue exists in Remote Desktop Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This issue is pre-authentication and requires no user interaction. An attacker who successfully exploits this could execute arbitrary code on the target system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. To exploit this, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.