Remote Desktop Client Remote Code Execution Vulnerability (CVE-2020-0734, CVE-2020-0681)

Summary:

In February 2020, as part of MSPT, a remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. By exploiting this vulnerability, an attacker could execute arbitrary code, as well as compromise a legitimate server and perform CnC operations.

Description:

Because this is a client compromise, an attacker would need to have control of a Remote Desktop server and then convince a user to connect to it.

An attacker could then install programs, manipulate data, or create legitimate accounts with full user rights. Tricks such as social engineering, DNS poisoning or a Man in the Middle (MITM) technique would be enough to exploit this vulnerability.

Affected Products:

Microsoft Windows 10

Microsoft Windows 8.1

Microsoft Windows Server 2016, 2019

Microsoft Windows 7

Advisory:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0681

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0734

Mitigation:

Microsoft has released multiple security updates to address this issue.

Qualys customers can scan their network with QID 91605 to detect vulnerable assets. Please continue to follow Qualys Threat Protection for more coverage of vulnerabilities.
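
Because exploitation requires a user to connect to a server the attacker controls, a complementary check is to review which RDP servers clients have connected to. The following is an added example, not part of the original advisory and not code from Microsoft or Qualys: it flags connection events, modeled on Event ID 1024 in the Microsoft-Windows-TerminalServices-RDPClient/Operational log, whose destination falls outside an approved list. The allowlist values, record field names and sample events are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed policy (hypothetical values): RDP servers users are expected to reach.
APPROVED_SUFFIXES = (".corp.example.com",)
APPROVED_NETWORKS = (ipaddress.ip_network("10.20.0.0/16"),)

# Event ID 1024 message: "RDP ClientActiveX is trying to connect to the server (<name>)"
SERVER_RE = re.compile(r"connect to the server \(([^)]+)\)")

def is_approved(server):
    """True if the destination matches an approved hostname suffix or address range."""
    name = server.strip().lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(name)
    except ValueError:
        # Not an IP literal: the suffix must match at the END of the hostname.
        return any(name.endswith(s) for s in APPROVED_SUFFIXES)
    return any(addr in net for net in APPROVED_NETWORKS)

def unapproved_connections(events):
    """Return (client, user, server) for each 1024 event with an unapproved target."""
    flagged = []
    for ev in events:
        m = SERVER_RE.search(ev["message"]) if ev["id"] == 1024 else None
        if m and not is_approved(m.group(1)):
            flagged.append((ev["client"], ev["user"], m.group(1)))
    return flagged

# Constructed sample records (not real log data).
SAMPLE_EVENTS = [
    {"id": 1024, "client": "WS-014", "user": "alice",
     "message": "RDP ClientActiveX is trying to connect to the server (jump01.corp.example.com)"},
    {"id": 1024, "client": "WS-022", "user": "bob",
     "message": "RDP ClientActiveX is trying to connect to the server (203.0.113.45)"},
    {"id": 1024, "client": "WS-022", "user": "bob",
     "message": "RDP ClientActiveX is trying to connect to the server (10.20.4.7)"},
    {"id": 1024, "client": "WS-031", "user": "carol",
     "message": "RDP ClientActiveX is trying to connect to the server (corp.example.com.support-desk.example.net)"},
    {"id": 1026, "client": "WS-031", "user": "carol",
     "message": "RDP ClientActiveX has been disconnected (Reason= 2)"},
]

if __name__ == "__main__":
    for client, user, server in unapproved_connections(SAMPLE_EVENTS):
        print(f"{client}\t{user}\t{server}")
```

Flagged destinations are candidates for review, not proof of compromise; clients that reached them should be prioritized for the security updates above.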

