Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-1333: Remote Desktop Client Remote Code Execution Vulnerability

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Microsoft CVE-2019-1333: Remote Desktop Client Remote Code Execution Vulnerability



A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server, they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect. The update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.


  • msft-kb4517389-5c400e97-567b-460d-bdbd-b8f6ad298c9c
  • msft-kb4517389-b772c442-f33b-42f3-b4fd-6780110d6a53
  • msft-kb4517389-c417813c-d3db-4b44-83f8-60de59e73b91
  • msft-kb4519338-212c3c1b-d31d-4e80-a30f-ad2cddf5c7fc
  • msft-kb4519338-4dc3fc62-f0c5-47fd-b788-24c7bb43bd60
  • msft-kb4519338-effa0a42-b050-47d4-a23a-1f3f0a7a7195
  • msft-kb4519985-8448c774-0e98-4182-ab79-963ba49e33b4
  • msft-kb4519985-8a3aec2b-e0d7-44a2-938d-c02f6b274548
  • msft-kb4519985-f0d0e25e-cdb1-4823-b241-92ac2a81d3b3
  • msft-kb4519990-a2d349fe-ee2a-4a85-be00-ee8cba079e9b
  • msft-kb4519990-b8b37d2d-5063-477b-809c-baf8ce11b723
  • msft-kb4519990-e54b6ac3-a904-4687-b53b-6db63a034c57
  • msft-kb4519998-0c7eb702-e48b-48da-8ef8-e984aa6cb0b8
  • msft-kb4519998-3e345f2b-0454-4475-968e-a723d555f2fb
  • msft-kb4519998-a3faed21-d1ee-4af7-bc23-42e4de28e30c
  • msft-kb4520003-0d1c5f85-509f-4142-baa9-c9a7d22386f8
  • msft-kb4520003-4177c40d-e502-4e6c-9b95-6162fba1cec3
  • msft-kb4520003-a99aef55-9e6d-4c41-8f5b-d84b383a4f3a
  • msft-kb4520003-ba350f9c-c29f-4b6c-b51b-e3b7b3173be3
  • msft-kb4520003-eb2b689a-dab5-479f-a051-dd4ee86b98ef
  • msft-kb4520003-f6315128-ecc0-4bc5-a152-c9383a644a56
  • msft-kb4520004-173a42f8-0561-4a76-9a70-bd9cb6fa9151
  • msft-kb4520004-f72dbbef-cedb-450e-927d-05414a78aded
  • msft-kb4520008-60000a2c-bbc0-473e-a45f-db8e5d59d8f6
  • msft-kb4520008-d876d728-1f3a-4686-ac8d-9fee971d40af
  • msft-kb4520008-ff9d5ac1-9660-4a2c-8669-260891a47e33
  • msft-kb4520009-6f2b0614-8c8a-474c-b9d5-9f1ab035f1fb
  • msft-kb4520009-7c787b1f-05ba-4516-a24c-617da56d1405
  • msft-kb4520009-e97e00d7-47d2-4016-a5c1-bbe896a46d6f
  • msft-kb4520010-50f87af3-267d-4242-9ca8-ad63233c710d
  • msft-kb4520010-fe65a4a7-b1ab-44b2-9c92-16daa2ddd839
  • msft-kb4520011-13958a0a-73dc-4296-b375-8ac1cd632f1b
  • msft-kb4520011-c32b63ca-7b05-458e-aaa4-84400e2e6f1c

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center