Wormable vulnerabilities in Windows Remote Desktop Services

August 16, 2019

Microsoft patched new wormable vulnerabilities in Windows Remote desktop Services on August 13th.
Following is the description and coverage:
CVE-2019-1181
A remote code execution vulnerability exists in Remote Desktop formerly known as Terminal Services, when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’.
CVE-2019-1182
A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services ; when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’

CVE-2019-1224 and CVE-2019-1225
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka ‘Remote Desktop Protocol Server Information Disclosure Vulnerability

SonicWall Capture Labs Threat Research Team has analyzed and addressed these vulnerabilities with following signatures.
IPS 14356 : Windows Remote Desktop Services Remote Code Execution (AUG 19) 1
IPS 14357 : Windows Remote Desktop Services Remote Code Execution (AUG 19) 2
IPS 14354 : Remote Desktop Protocol Server Information Disclosure Vulnerability (AUG 19) 1