MS.RDP.DVC.Uncompressed.Size.Heap.Buffer.Overflow
Description
This indicates an attack attempt to exploit a Heap Buffer Overflow vulnerability in Microsoft Remote Desktop.
The vulnerability is caused by an error when the RDP service handles a malicious request. A remote attacker may be able to exploit this to execute arbitrary code on affected systems.
Affected Products
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1803 (Server Core Installation)
Windows Server, version 1903 (Server Core installation)
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to the latest version available from the vendor's website:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-09-13 | 14.687 | Default_action:pass:drop |
2019-09-06 | 14.683 | Sig Added |
2019-09-05 | 14.682 | Sig Added |
2019-08-28 | 14.678 |