SB2019091035 - Multiple vulnerabilities in Windows Remote Desktop (RDP) Client

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2019-1290)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of untrusted input within the Windows Remote Desktop Client when a user connects to a malicious server. A remote attacker can execute arbitrary code on the target system.

2) Input validation error (CVE-ID: CVE-2019-1291)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of untrusted input within the Windows Remote Desktop Client when a user connects to a malicious server. A remote attacker can execute arbitrary code on the target system.

3) Input validation error (CVE-ID: CVE-2019-0787)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of untrusted input within the Windows Remote Desktop Client when a user connects to a malicious server. A remote attacker can execute arbitrary code on the target system.

4) Input validation error (CVE-ID: CVE-2019-0788)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of untrusted input within the Windows Remote Desktop Client when a user connects to a malicious server. A remote attacker can execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1290
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1291
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0787
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0788