New Search

Remote Desktop Client Remote Code Execution Vulnerability - CVE-2019-1333


A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view change or delete data; or create new accounts with full user rights. To exploit this vulnerability an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server they would need to trick the user into connecting via social engineering DNS poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server host malicious code on it and wait for the user to connect. The update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.

  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2012
  • Microsoft Windows 8.1
  • Microsoft Windows 7
  • Microsoft Windows Server 2016
  • Microsoft Windows 10
  • Microsoft Windows Server 2019
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012 R2
  • CVE-2019-1333
  • MSRC-CVE-2019-1333
  • KB4520003
  • KB4520009
  • KB4519985
  • KB4519990
  • KB4520011
  • KB4519998
  • KB4520010
  • KB4520004
  • KB4520008
  • KB4519338
  • KB4517389