Remote Desktop Services Remote Code Execution Vulnerability
Avigilon is currently monitoring and has reviewed the impact of the recently announced Remote Desktop Services Remote Code Execution Vulnerability, CVE-2019-1181 and CVE-2019-1182 issued by Microsoft. The vulnerability affects Windows 10, Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2016, Windows Server 2019 and Windows Server versions 1803 and 1903.
Likelihood and Impact
Avigilon has assessed this vulnerability and determined the security risk to Avigilon systems operated by our customers is low as Avigilon products ship with remote desktop protocol (RDP) disabled by default. As a result, if operated as originally configured, Avigilon's network video recorders and high definition video appliances should not be affected by this vulnerability.
Customer Mitigation Strategy
As a best practice, Avigilon recommends that all customers running Avigilon Control Center™ software on Windows ensure their system is protected by running Windows Update and confirming that the latest security updates are installed. Specifically, anyone running the above mentioned Windows systems should consult Microsoft's security guidance on CVE-2019-1181 and CVE-2019-1182 for those operating systems.