Remote Desktop Client Remote Code Execution Vulnerability. (CVE-2020-0734, CVE-2020-0681)


In the month of February,2020, among MSPT, a remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. On account of this vulnerability, an attacker could execute arbitrary code as well as compromise a legitimate server and perform CnC operation.


An attacker would need to have control of a Remote Desktop server and then convince a user to connect to it., as it is a client compromise.

An attacker could then install programs and manipulate the data or create legitimate accounts with full user rights. Tricks such as social engineering, DNS poisoning or using a Man in the Middle (MITM) technique would be enough to exploit this vulnerability.

Affected Products:

Microsoft Windows 10

Microsoft Windows 8.1

Microsoft Windows Server 2016, 2019

Microsoft Windows 7



Microsoft has released the multiple security updates to address this issue.

Qualys customers can scan their network with QID(s)# 91605 to detect vulnerable assets. Kindly continue to follow on Qualys Threat Protection for more coverage on vulnerabilities.

References & Sources:


Leave a Reply

Your email address will not be published. Required fields are marked *