A remote code execution vulnerability has been identified in the Microsoft Remote Desktop Protocol. An attacker could exploit this vulnerability by establishing an attacker-to-computer (ATTACK-to-COMPUTER) connection to an affected system. This vulnerability could be exploited to execute arbitrary code on the affected system. This vulnerability would require user interaction to be exploited.
As a precaution, customers should consider applying the latest vendor-supplied updates. Exploitation of this vulnerability requires that a user open a specially crafted remote desktop connection.
This vulnerability has been assigned Common Vulnerability and Exposure number CVE-2019-11918. A patch that resolves this vulnerability is not available. However, there are workarounds that address this vulnerability. The information below provides details on the workarounds that are currently known. - Vendors should consider updating their products to version 10.0.17763. The update resolves the vulnerability that is being exploited to execute remote code. - A workaround for CVE-2019-11918 is to use the Internet Explorer Enhanced Mitigation Mode.
Vulnerability Details
CVE-2019-11918 is a remote code execution vulnerability that has been identified in the Microsoft Remote Desktop Protocol. An attacker could exploit this vulnerability by establishing an ATTACK-to-COMPUTER connection to an affected system.
Microsoft Remote Desktop Protocol Vulnerability - Overview
A remote code execution vulnerability has been identified in the Microsoft Remote Desktop Protocol. An attacker could exploit this vulnerability by establishing an attacker-to-computer (ATTACK-to-COMPUTER) connection to an affected system. This vulnerability could be exploited to execute arbitrary code on the affected system. This vulnerability would require user interaction to be exploited.
As a precaution, customers should consider applying the latest vendor-supplied updates. Exploitation of this vulnerability requires that a user open a specially crafted remote desktop connection.
This vulnerability has been assigned Common Vulnerability and Exposure number CVE-2019-11918. A patch that resolves this vulnerability is not available. However, there are workarounds that address this vulnerability. The information below provides details on the workarounds that are currently known.
Vulnerability summary
A remote code execution vulnerability has been identified in the Microsoft Remote Desktop Protocol. An attacker could exploit this vulnerability by establishing an attacker-to-computer (ATTACK-to-COMPUTER) connection to an affected system. This vulnerability could be exploited to execute arbitrary code on the affected system. This vulnerability would require user interaction to be exploited.
As a precaution, customers should consider applying the latest vendor-supplied updates. Exploitation of this vulnerability requires that a user open a specially crafted remote desktop connection.
This vulnerability has been assigned Common Vulnerability and Exposure number CVE-2019-11918. A patch that resolves this vulnerability is not available. However, there are workarounds that address this vulnerability. The information below provides details on the workarounds that are currently known.
Vendor Information
The vendor has not yet released a patch for this vulnerability.
Timeline
Published on: 01/11/2022 21:15:00 UTC
Last modified on: 05/23/2022 17:29:00 UTC