Microsoft has released a security bulletin for this issue. The report mentions that an elevation of privilege vulnerability exists in Windows when the Remote Desktop client fails to properly handle RDP packets with specially crafted PWD lengths. Remote attackers on the targeted system with access to the Remote Desktop client could exploit this vulnerability to gain elevated privileges on the remote system. In addition to this, Microsoft has also released a security advisory for this issue. Microsoft has provided the following workarounds for this issue: - Edit the RDP settings in Windows to disable the ‘PWD length’ check - Disable RDPv1 and RDPv2 on a per-service basis - Disable RDP connections to endpoints running legacy versions - Disable RDP connections to endpoints using specific ports - Disable RDP connections to specific IP addresses - Disable RDP connections at the firewall - Enable Kerberos authentication on RDP connections
Microsoft has published a Knowledge Base Article for this issue
Microsoft has published a Knowledge Base article for this issue. A security bulletin was also released as well as a security advisory. Microsoft has provided a number of workarounds for this issue and recommends that end users take the recommended steps to protect their computers from this vulnerability.
Microsoft Windows RDP Security Bypass - CVE-2022 -21901
This vulnerability could allow attackers to gain elevated privileges on the remote system. Microsoft has released a security advisory for this issue, which can be found below.
Microsoft Windows RDP Security Bypass - CVE-2022-21901
A security feature bypass exists when the Remote Desktop client fails to properly handle RDP packets with specially crafted PWD lengths. Remote attackers on the targeted system with access to the Remote Desktop client could exploit this vulnerability to gain elevated privileges on the remote system.
Microsoft has released a security bulletin for this issue
Microsoft has released a security bulletin for this issue. The report mentions that an elevation of privilege vulnerability exists in Windows when the Remote Desktop client fails to properly handle RDP packets with specially crafted PWD lengths. Remote attackers on the targeted system with access to the Remote Desktop client could exploit this vulnerability to gain elevated privileges on the remote system. In addition to this, Microsoft has also released a security advisory for this issue. Microsoft has provided the following workarounds for this issue: - Edit the RDP settings in Windows to disable the ‘PWD length’ check - Disable RDPv1 and RDPv2 on a per-service basis - Disable RDP connections to endpoints running legacy versions - Disable RDP connections to endpoints using specific ports - Disable RDP connections to specific IP addresses - Disable RDP connections at the firewall - Enable Kerberos authentication on RDP connections
Microsoft has issued the following warning for this issue
Microsoft has been made aware of a vulnerability in Remote Desktop that can be exploited by malicious users to gain elevated privileges on the remote system. This vulnerability is documented in CVE-2022-21901.
This vulnerability is not exploitable remotely, but it could allow an attacker with physical access to the remote system to exploit it locally. It's important for you to take steps to ensure that your systems are configured appropriately to prevent this vulnerability from being exploited. If you receive any reports from end users of suspicious behavior related to this vulnerability, please contact your local support team for further assistance.
Timeline
Published on: 01/11/2022 21:15:00 UTC
Last modified on: 05/23/2022 17:29:00 UTC