Security
Headlines
HeadlinesLatestCVEs

Tag

#Windows Remote Desktop

CVE-2024-43582: Remote Desktop Protocol Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** To exploit this vulnerability, an unauthenticated attacker would need to send malformed packets to a RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

Microsoft Security Response Center
#vulnerability#rce#auth#Windows Remote Desktop#Security Vulnerability
CVE-2024-38076: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

The following mitigation may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave Remote Desktop Licensing Service disabled: **1\. Disable Remote Desktop Licensing Service if is not required.** If you no longer need this service on your system, consider disabling it as a security best practice. Disabling unused and unneeded services helps reduce your exposure to security vulnerabilities.

CVE-2023-35332: Windows Remote Desktop Protocol Security Feature Bypass

**What security feature is bypassed with this vulnerability?** The RDP Gateway protocol is enforcing the usage of Datagram Transport Layer Security (DTLS) version 1.0, which is a deprecated (RFC 8996) protocol with known vulnerabilities. An attacker with a machine-in-the-middle (MitM) position who successfully exploited this vulnerability could compromise the confidentiality and integrity of data when the targeted user connects to a trusted server.

CVE-2023-32043: Windows Remote Desktop Security Feature Bypass Vulnerability

**What security feature is being bypassed?** An attacker with a machine-in-the-middle (MitM) position who successfully exploited this vulnerability could bypass the certificate validation performed when a targeted user connects to a trusted server.

CVE-2023-35352: Windows Remote Desktop Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited the vulnerability could bypass certificate or private key authentication when establishing a remote desktop protocol session.

CVE-2023-35352: Windows Remote Desktop Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited the vulnerability could bypass certificate or private key authentication when establishing a remote desktop protocol session.

CVE-2023-35332: Windows Remote Desktop Protocol Security Feature Bypass

**What security feature is bypassed with this vulnerability?** The RDP Gateway protocol is enforcing the usage of Datagram Transport Layer Security (DTLS) version 1.0, which is a deprecated (RFC 8996) protocol with known vulnerabilities. An attacker with a machine-in-the-middle (MitM) position who successfully exploited this vulnerability could compromise the confidentiality and integrity of data when the targeted user connects to a trusted server.

CVE-2023-32043: Windows Remote Desktop Security Feature Bypass Vulnerability

**What security feature is being bypassed?** An attacker with a machine-in-the-middle (MitM) position who successfully exploited this vulnerability could bypass the certificate validation performed when a targeted user connects to a trusted server.

CVE-2022-22015: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

CVE-2022-23285: Remote Desktop Client Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.