Summary:
Among the February 2020 MSPT fixes is a remote code execution vulnerability in the Windows Remote Desktop Client that is triggered when a user connects to a malicious server. By exploiting this vulnerability, an attacker could execute arbitrary code, as well as compromise a legitimate server and perform CnC operations.
Description:
Because this is a client compromise, an attacker would need to have control of a Remote Desktop server and then convince a user to connect to it.
An attacker could then install programs, manipulate data, or create legitimate accounts with full user rights. Tricks such as social engineering, DNS poisoning or a Man in the Middle (MITM) technique would be enough to exploit this vulnerability.
Affected Products:
Microsoft Windows 10
Microsoft Windows 8.1
Microsoft Windows Server 2016, 2019
Microsoft Windows 7
Advisory:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0681
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0734
Mitigation:
Microsoft has released multiple security updates to address this issue.
Qualys customers can scan their network with QID 91605 to detect vulnerable assets. Please continue to follow Qualys Threat Protection for more coverage on vulnerabilities.
References & Sources:
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0734
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0681