Microsoft has patched the critical vulnerability on Android Remote Desktop application
Not long ago, Microsoft released a security recommendation, which details the vulnerability that could cause data leakage, which previously only directly affected Windows Remote Desktop Protocol clients, But now has affected the Microsoft Remote Desktop application for Android operating system.
This vulnerability is currently monitored with CVE-2019-1108 identifiers, and dangerous ratings at the 'Important' level, but it is unclear why the security team has not yet assigned CVSS v3 scores. first.
- Leaked the Stable version of Microsoft Edge browser using Chromium kernel, invited to download and experience
The vulnerability is currently monitored with the CVE-2019-1108 identifier
Microsoft has revealed details about the vulnerability and almost immediately released a patch with Patch Tuesday update July 2019, along with a patch of 77 other vulnerabilities, 15 of which are classified at 'Critical'.
The potential for exploits is wide
'Information leak vulnerabilities exist when Windows RDP clients reveal incorrect content in its memory. The attacker could completely exploit this vulnerability, and if successful, they could hold the amount of information needed to deploy even more complex attacks on the victim's system, maybe even Take control of the system ', Microsoft's security recommendation stated.
To be able to successfully exploit this CVE-2019-1108 vulnerability, attackers will have to run a specially crafted application on devices that have not received the patch from Microsoft, after successfully setting up. Remote connection with the target system.
- Windows 10 Update again failed, unable to install the update, automatically reboot
Microsoft solved the flaw by revising the way the RDP client initializes memory, thereby eliminating the uninitialized memory leak for attackers - a factor that helps hackers successfully exploit. gap.
The Microsoft emulator analysis showed that the exploit code could be created by an attacker completely consistent with the vulnerability characteristics. Furthermore, Microsoft has just gathered a limited number of necessary information about successful exploits for these vulnerabilities reported. This will make the CVE-2019-1108 an attractive target for attackers, and therefore, it is likely that actual exploits methods have also been created. Therefore, users of Android Remote Desktop service should update their Windows to the latest version to minimize any possible risks.
- More than 40 Windows drivers contain dangerous privilege escalation vulnerabilities
Android Remote Desktop users should update their application to the latest version
Measures to minimize the impact from vulnerabilities
Microsoft recommends that all Android customers who have installed Microsoft Remote Desktop Android on their device install the latest security updates to be fully protected from future attacks.
- Windows Defender is one of the best antivirus applications in the world
Microsoft Remote Desktop for Android
In addition, users can also update their Microsoft Remote Desktop Android application to minimize the impact of this security vulnerability. The update process is as follows:
- Click on the Google Play icon on your main screen to access the app store.
- Swipe in from the left edge of the screen.
- Click My apps & games.
- Click the Update dialog box that appears next to the Remote Desktop application.
Microsoft Remote Desktop application on Play Store
You should read it
- The security risks of RDP
- Leaks information about Microsoft's new Remote Desktop application
- Instructions for activating and using Remote Desktop on Windows 10 computers
- How to enable and use Remote Desktop on Windows 11
- Microsoft warns of Windows BlueKeep attacks
- How to Hear Audio from the Remote PC when Using Remote Desktop
- Troubleshoot Remote Desktop problems
- Instructions to change the Remote Desktop port
- The difference between Remote Desktop (RDP) and VPN
- Many serious vulnerabilities have been discovered that allow attackers to take full control of the 4G router
- A serious security error appeared on Android that allowed hackers to control smartphones through a photo
- Microsoft Remote Desktop for iOS has a major update with many worthwhile changes
Maybe you are interested
What is Microsoft Azure Certification?
Cybercriminals are using Microsoft Teams calls to commit fraud
Microsoft officially supports sharing files from iPhone to Windows using Phone Link application
Microsoft 365 Android PDF Viewer shows ads, even with subscription
10 Useful Table Formatting Tips in Microsoft Word
Here's everything Microsoft knows about your PC!