CVE-2019-1225
HIGH | EXPLOITED IN THE WILD | RANSOMWARE
Windows 10 and Windows Server 2016/2019 - Information Disclosure via RDP Server Memory Initialization
Title source: llm
Exploitation Summary
CVE-2019-1225 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io), including in ransomware campaigns.
Description
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows RDP server initializes memory.
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1225
Scores
CVSS v3: 7.5
EPSS: 0.0950
EPSS Percentile: 94.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
VulnCheck KEV: 2021-08-19
InTheWild.io: 2021-02-15
Ransomware Use: Confirmed
CWE: CWE-200
Status: published
Products (6)
microsoft/windows_10: 1803
microsoft/windows_10: 1809
microsoft/windows_10: 1903
microsoft/windows_server_2016: 1803
microsoft/windows_server_2016: 1903
microsoft/windows_server_2019
Published: Aug 14, 2019
Tracked Since: Feb 18, 2026