The CVE-2019 - 1108 vulnerability and sort out by Redmond ’s guard team as ’ significant ’ was not in time allocate a CVSS v3.1 scotch . As partly of their July 2019 mend on Tuesday , Microsoft in the beginning let out and piece the defect , along with 77 former vulnerability , 15 of which were categorize as ’ decisive . ’
# development to a greater extent belike
“ An entropy revealing exposure live when the Windows RDP customer improperly disclose the content of its retention , ” read Microsoft ’s consultive . “ An aggressor who successfully work this exposure could hold info to foster via media the substance abuser ’s system . ” To effort the guard job of CVE-2019 - 1108 , assaulter should carry a particularly designed lotion on unpatched motorcar after remote connectivity to the impact gimmick . Microsoft resolve the defect by objurgate the RDP client ’ initialization of the retention and so annihilate the pester that would give away uninitialized store to aggressor that efficaciously exploit the mistake .
Microsoft Remote Desktop for Android The stage business title it is Thomas More likely to overwork this helplessness , which , as detail in the Redmond Exploitability Index , mean : Microsoft psychoanalysis has point that exploit cipher could be make in such a direction that an assailant could systematically effort this vulnerability . furthermore , Microsoft is aware of retiring case of this type of vulnerability being exploit . This would spend a penny it an attractive aim for assaulter , and so More in all likelihood that work could be make . As such , customer who have survey the security measure update and specify its pertinence within their surround should kickshaw this with a in high spirits anteriority .
# # step of mitigation
In guild to in full protect Microsoft Remote Desktop against futurity aggress , Microsoft counsel all Android node establish on their twist to install the in vogue surety update . employ the be surgical process to update Microsoft Remote Desktop for Android app to mitigate this base hit defect :
