An attacker can exploit this vulnerability by persuading an administrator to install a malicious network share and then logging in to the system and viewing or modifying that share. An attacker can also exploit this vulnerability by convincing an administrator to install a malicious network share and then view or modify that share. This issue cannot be exploited when Windows is installed on a local hard drive. Additionally, when running Windows in a virtual environment, this issue can be exploited through other means.
CVE-2017-1181: Microsoft Office Remote Code Execution Vulnerability.
An attacker can exploit this vulnerability by convincing an administrator to install a malicious Word, Excel, PowerPoint, or Outlook on a network share and then view or modify that share. This issue cannot be exploited when Windows is installed on a local hard drive. Additionally, when running Windows in a virtual environment, this issue can be exploited through other means.
CVE-2017-1182: Remote Code Execution Vulnerability in Windows DNS.
An attacker can exploit this vulnerability by spoofing DNS requests to obtain sensitive information. This issue cannot be exploited when Windows is installed on a local hard drive. Additionally, when running Windows in a virtual environment, this issue can be exploited through other means.
CVE-2017-1183: Remote Code Execution Vulnerability in RD Gateway.
Researching Microsoft Windows Software Updates
If Windows is installed on a local hard drive, this issue cannot be exploited through other means. If Windows is not installed on a local hard drive, Microsoft has released an update to address this vulnerability.
Microsoft Edge
Security Feature
An attacker can exploit this vulnerability by convincing an administrator to install a malicious network share and then view or modify that share. This issue cannot be exploited when Windows is installed on a local hard drive. Additionally, when running Windows in a virtual environment, this issue can be exploited through other means.
Outlook Remote Code Execution Vulnerability
An attacker can exploit this vulnerability by convincing an administrator to install a malicious network share and then view or modify that share. This issue cannot be exploited when Windows is installed on a local hard drive. Additionally, when running Windows in a virtual environment, this issue can be exploited through other means.
Limitations and requirements
The following components need to be present in order to exploit this vulnerability:
* Windows XP x64 or x86
* Remote Desktop Client (RDC)
* Remote Desktop Protocol (RDP)
* RD Gateway
Timeline
Published on: 01/11/2022 21:15:00 UTC
Last modified on: 05/23/2022 17:29:00 UTC