A Cisco Talos researcher discovered this vulnerability. Blog by Jon Munshaw.
Cisco Talos recently discovered two issues in two implementations of Microsoft Remote Desktop Services: a denial-of-service vulnerability that affects Windows 7/Windows Server 2008 (when RDP 8.0 is enabled), Windows 8/Server 2012, and Windows 10/Server 2016. The Remote Desktop Protocol is used by Remote Desktop Services in order to allow a user or administrator to take control of a remote machine via a network connection. The denial-of-service vulnerability exists after the connection setup when one is able to perform the license exchange, and the information leak vulnerabilities exist during the connection setup of the process where the client and the server negotiate various aspects relevant to the session They could be exploited by an attacker to cause a denial of service or leak information, respectively. Microsoft disclosed these issues as part of December’s Patch Tuesday. For more on the company’s latest security updates, check out Talos’ full blog here, and our Snort coverage here.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Microsoft to ensure that these issues are resolved and that an update is available for affected customers. Microsoft is providing a patch for all of the affected versions of Windows with regards to the denial of service vulnerability but has declined to provide a patch for the Windows XP vulnerability due to the fact that it is out of support. It is recommended that users of Windows XP upgrade to a more recent operating system.
Vulnerability details
Microsoft Remote Desktop Services (RDP8) license negotiation denial-of-service vulnerability (TALOS-2019-0901/CVE-2019-1453) An exploitable denial-of-service vulnerability exists in the RDP8 implementation of Microso ..
Support the originator by clicking the read the rest link below.
