CVE-2019-1224

HIGH EXPLOITED IN THE WILD RANSOMWARE

Windows 10 and Windows Server 2016/2019 - Information Disclosure in RDP Server

Title source: llm

Exploitation Summary

CVE-2019-1224 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io), including in ransomware campaigns.

Description

An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows RDP server initializes memory.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1224

Scores

CVSS v3 7.5

EPSS 0.0760

EPSS Percentile 93.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2021-08-19

InTheWild.io 2021-02-15

Ransomware Use Confirmed

CWE

CWE-200

Status published

Products (6)

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_10 1903

microsoft/windows_server_2016 1803

microsoft/windows_server_2016 1903

microsoft/windows_server_2019

Published Aug 14, 2019

Tracked Since Feb 18, 2026