Remote Code Execution Vulnerability in Windows Remote Desktop Client
Severity Rating: High
Software Affected:
Windows 10 for 32-bit & x64-based Systems
Windows 10 Version 1607 for 32-bit & x64-based Systems
Windows 10 Version 1709 for 32-bit,x64-based & ARM64-based Systems
Windows 10 Version 1803 for 32-bit,x64-based & ARM64-based Systems
Windows 10 Version 1809 for 32-bit,x64-based & ARM64-based Systems
Windows 10 Version 1903 for 32-bit,x64-based & ARM64-based Systems
Windows 10 Version 1909 for 32-bit,x64-based & ARM64-based Systems
Windows 10 Version 2004 for 32-bit,x64-based & ARM64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for x64-based Systems SP1 & Server Core installation
Windows Server 2012 & Server Core installation
Windows Server 2012 R2 & Server Core installation
Windows Server 2016 & Server Core installation
Windows Server 2019 & Server Core installation
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows Server, version 2004 (Server Core installation)
Overview:
A remote code execution vulnerability has been reported in Microsoft
Windows Remote Desktop Client which could allow an attacker to execute
arbitrary code on the targeted system.
Description
This vulnerability exists in Windows Remote Desktop Client due to improper
handling the connection requests by the affected Windows Remote Desktop
Client. A remote attacker could exploit this vulnerability by compromising
a legitimate server, hosting malicious code on it, and convincing the user
to connect to the malicious server.
Successful exploitation of this vulnerability could execute arbitrary code
on the targeted system.
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin:
Vendor Information
Microsoft
References:
Microsoft
- -1374
CVE Name
CVE-2020-1374
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.