What is the severity of CVE-2019-1222?

CVE-2019-1222 is rated as critical due to its ability to allow remote code execution.

How do I fix CVE-2019-1222?

To fix CVE-2019-1222, apply the security updates provided by Microsoft for affected versions of Windows.

What versions of Windows are affected by CVE-2019-1222?

CVE-2019-1222 affects Microsoft Windows 10 (1803, 1809, 1903) and Windows Server 2016 (1803, 1903) and Windows Server 2019.

Can CVE-2019-1222 be exploited remotely?

Yes, CVE-2019-1222 can be exploited remotely by an unauthenticated attacker via Remote Desktop Protocol (RDP).

Is user interaction required for exploitation of CVE-2019-1222?

No, exploitation of CVE-2019-1222 does not require any user interaction.

Vulnerability/
CVE-2019-1222

critical

14/8/2019

4/8/2024

CVE-2019-1222: Remote Desktop Services Remote Code Execution Vulnerability

First published: Wed Aug 14 2019(Updated: )

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Windows 10	=1803
Windows 10	=1809
Windows 10	=1903
Microsoft Windows Server 2016	=1803
Microsoft Windows Server 2016	=1903
Microsoft Windows Server 2019

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-1222?
CVE-2019-1222 is rated as critical due to its ability to allow remote code execution.
How do I fix CVE-2019-1222?
To fix CVE-2019-1222, apply the security updates provided by Microsoft for affected versions of Windows.
What versions of Windows are affected by CVE-2019-1222?
CVE-2019-1222 affects Microsoft Windows 10 (1803, 1809, 1903) and Windows Server 2016 (1803, 1903) and Windows Server 2019.
Can CVE-2019-1222 be exploited remotely?
Yes, CVE-2019-1222 can be exploited remotely by an unauthenticated attacker via Remote Desktop Protocol (RDP).
Is user interaction required for exploitation of CVE-2019-1222?
No, exploitation of CVE-2019-1222 does not require any user interaction.

agent/type
agent/remedy
agent/references
agent/title
agent/first-publish-date
agent/event
agent/severity
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
collector/nvd-index
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/microsoft
canonical/windows 10
version/windows 10/1803
version/windows 10/1809
version/windows 10/1903
canonical/microsoft windows server 2016
version/microsoft windows server 2016/1803
version/microsoft windows server 2016/1903
canonical/microsoft windows server 2019