VDB
CVE-2019-1224
CVE-2019-1224
PUBLISHED
CVSS 7.5 HIGH
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows RDP server initializes memory.
EPSS 4.96% · 89.8th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
EPSS Score
4.96%
89.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems | 10.0.0 |
| Microsoft | Windows 10 Version 1903 for 32-bit Systems | 10.0.0 |
| Microsoft | Windows 10 Version 1909 | 10.0.0 |
| microsoft | windows_server_2019 | |
| Microsoft | Windows 10 Version 1809 | 10.0.0 |
| Microsoft | Windows 10 Version 1903 for x64-based Systems | 10.0.0 |
| Microsoft | Windows Server 2019 (Server Core installation) | 10.0.0 |
| Microsoft | Windows Server, version 1903 (Server Core installation) | 10.0.0 |
| Microsoft | Windows Server, version 1803 (Server Core Installation) | 10.0.0 |
| Microsoft | Windows 10 Version 1803 | 10.0.0 |
| Microsoft | Windows Server, version 1909 (Server Core installation) | 10.0.0 |
| Microsoft | Windows Server 2019 | 10.0.0 |
| microsoft | windows_server_2016 | 1903, 1803, 1803 |
| microsoft | windows_10 | 1809, 1903, 1803 |
Timeline
- Aug 14, 2019 CVE Published
- Nov 8, 2019 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 19, 2021 VulnCheck KEV Exploitation
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jun 22, 2022 VulnCheck KEV Exploitation
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1224 url
- https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SESB-2019-214-01-Wind_River_VxWorks_Security_Bulletin_V2.2.pdf&p_Doc_Ref=SESB-2019-214-01 advisory
- https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-134-07_ConneXium_and_PowerLogic_Gateway_V2.pdf&p_Doc_Ref=SEVD-2019-134-07 advisory
- https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-193-02_MicrosoftRDS-Product_InformationV1.4.pdf&p_Doc_Ref=SEVD-2019-193-02 advisory
- https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-071-03-TriStation_Emulator_V2.pdf&p_Doc_Ref=SEVD-2019-071-03 advisory
- https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-267-01_MicrosoftRDS-DejaBlue-Product_InformationV1.1.pdf&p_Doc_Ref=SEVD-2019-267-01 advisory
- https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-193-01_IntelMDS-Product_InformationV1.3.pdf&p_Doc_Ref=SEVD-2019-193-01 advisory
- https://portal.msrc.microsoft.com/fr-FR/security-guidance advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-1224 advisory