virus logo Intrusion Prevention

MS.RDP.UDP2.Dummy.Packets.Information.Disclosure

description-logoDescription

This indicates a possible attack against a Information Disclosure vulnerability in Microsoft Remote Desktop.
The vulnerability is caused by an error when the RDP service handles a malicious request. A remote attacker may be able to exploit this to gain access to critical information from vulnerable systems via a crafted client request.

affected-products-logoAffected Products

Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1803 (Server Core Installation)
Windows Server, version 1903 (Server Core installation)

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems

recomended-action-logoRecommended Actions

Upgrade to the latest version available from the website.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1224
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1225

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-08-29 14.679 Default_action:pass:drop
2019-08-20 14.673
ID 48312
Created Aug 20, 2019
Updated May 02, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2019-1225 CVE-2019-1224
Exploit Prediction Score 0.91%
Default Action drop
Active
Affected OS Windows
Affected App Other