Rewterz Threat Advisory – CVE 2019-1125 – SWAPGS Spectre Side-Channel Vulnerability
August 8, 2019Rewterz Threat Advisory – Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
August 8, 2019Rewterz Threat Advisory – CVE 2019-1125 – SWAPGS Spectre Side-Channel Vulnerability
August 8, 2019Rewterz Threat Advisory – Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
August 8, 2019Severity
Medium
Analysis Summary
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection. An attacker who successfully exploited this vulnerability could execute arbitrary code on the victim system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker must already have compromised a system running Remote Desktop Services, and then wait for a victim system to connect to Remote Desktop Services.
Impact
Privilege escalation
Affected Vendors
Microsoft
Remediation
Please see vendor’s advisory for more details of updates/patches.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0887