Microsoft CVE-2019-0787: Remote Desktop Client Remote Code Execution Vulnerability
Description
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server, they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect. The update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.
Solution(s)
- msft-kb4512578-0cd62cca-3a16-480d-a189-e8ea147bb43f
- msft-kb4512578-43bab29b-faba-4d28-ab68-daae07145e70
- msft-kb4512578-83d97879-e87b-4658-a1f1-2d436c2b0a9f
- msft-kb4515384-1fec8c01-d96f-4692-9c3f-533f1966ba0f
- msft-kb4515384-afb67aeb-fdea-4890-8a09-28b41988eec6
- msft-kb4515384-f440901e-4a8a-4ff0-b578-73ab9ec39370
- msft-kb4516033-03092e33-5b1d-4cc9-bcf9-578e906cefb2
- msft-kb4516033-0ac4e288-0e6c-4bee-99a6-2dc8491bd6e6
- msft-kb4516033-59d96021-d80c-446b-9cb3-ff0b6178c0b2
- msft-kb4516033-78d9fe94-89a2-4a23-aa35-dff5e55adbf0
- msft-kb4516033-8355f60a-e69c-49bf-b934-6b9aedfc75b7
- msft-kb4516033-cae28dc4-51e5-4572-b3f3-a3f4a1064bee
- msft-kb4516044-4d387cda-6491-4775-9f86-ec445694daf6
- msft-kb4516044-5743683a-0751-4f47-a0a5-54186af17be5
- msft-kb4516044-5bd21ff7-dd92-4cb4-a08a-e15994c99cad
- msft-kb4516058-4d1b0989-a12b-4062-9692-ada2a53833aa
- msft-kb4516058-aa4b167d-e6b6-4206-aa84-b9c135353b77
- msft-kb4516058-f2bdd1f1-8f8f-429b-b798-905b82bdf629
- msft-kb4516064-90e2bb11-b4ba-4212-90e4-d82f4434a4c9
- msft-kb4516064-c31ee34e-e1cb-42ba-9f96-28a38c3e45a7
- msft-kb4516064-c79723c3-399a-4160-9547-d9b5384db522
- msft-kb4516066-92c6450f-2320-49f6-8bd9-0b61c9e10976
- msft-kb4516066-ad42679f-7ae5-4e30-818f-ec14d19718a1
- msft-kb4516068-117fb78f-b0ad-4ba3-a5aa-8cc9dad2be7d
- msft-kb4516068-568e1bb0-2cd4-4521-8b07-fc5be5bcb391
- msft-kb4516070-085d342e-1c92-4caa-947f-b7a896b93004
- msft-kb4516070-106c21bb-e967-4b37-8806-00a071bd3198
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center