CVE-2019-1181

Name of the Vulnerable Software and Affected Versions Remote Desktop Services versions prior to the fixed version, including Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.

Description A remote code execution issue exists in Remote Desktop Services when an unauthenticated attacker connects using RDP and sends specially crafted requests. This issue is pre-authentication and requires no user interaction, allowing an attacker to execute arbitrary code on the target system, install programs, view, change, or delete data, or create new accounts with full user rights. The issue arises from errors in checking RDP connection requests.

Recommendations For Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions, update to the latest version that includes the fix for this issue. As a temporary workaround, consider enabling Network Level Authentication (NLA) on affected systems to partially mitigate the issue. Restrict access to the Remote Desktop Service via RDP to minimize the risk of exploitation until the issue is resolved.