This can happen if a user has multiple remote desktop sessions open at the same time. The licensing software in these instances may end up disclosing a remote user’s information to a different remote user.

An attacker can exploit this vulnerability by sending a malicious email to a user who has remote sessions enabled. The user could click on the malicious link and open a remote session to a malicious website. The attacker could conceivably exploit this vulnerability by opening a remote session to a malicious website and then sending the user a malicious email with a remote session.

Mitigation Strategies

This vulnerability can be mitigated by not opening a remote session from an email, or by setting your remote desktop software to only allow certain IP addresses.
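One way to apply the IP restriction described above on a Windows host, using the built-in firewall cmdlets. This is an added example, not part of the original advisory; the allow-list addresses and the default RDP port 3389 are assumptions.

```powershell
# Added example. Assumptions: the allow-list below is constructed (documentation
# address ranges) and RDP listens on its default port 3389.
$AllowedSources = @('192.0.2.10', '198.51.100.0/24')
$RdpPort        = '3389'

# 1. Scope the built-in inbound Remote Desktop rules to the allow-list.
#    'Remote Desktop' is the English display group name; it is localized elsewhere.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    Set-NetFirewallRule -RemoteAddress $AllowedSources

# 2. Audit: find any other enabled inbound allow rule that names the RDP port
#    and still accepts every source address.
#    Limitation: rules that use a port range or 'Any' local port are not matched.
$exposed = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        if (($port.LocalPort -contains $RdpPort) -and ($addr.RemoteAddress -contains 'Any')) {
            [pscustomobject]@{
                Name          = $_.Name
                DisplayName   = $_.DisplayName
                Protocol      = $port.Protocol
                RemoteAddress = $addr.RemoteAddress -join ','
            }
        }
    }

if ($exposed) {
    Write-Warning 'These rules still allow the RDP port from any address:'
    $exposed | Format-Table -AutoSize
} else {
    Write-Output "No enabled inbound allow rule exposes port $RdpPort to any address."
}
```

Run it from an elevated PowerShell session; rules delivered by Group Policy have to be changed in the policy itself.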

Vulnerability Warning: CVE-2022-21964

Because of this vulnerability, you should consider disabling remote sessions on your computer until a patch is available. The vulnerability may be exploited through malicious emails sent to users with remote sessions enabled and could result in information disclosure.

CVE-2022-22059

Users are warned that "CVE-2022-21964 is mitigated in Windows 10, version 1803."

Vulnerability Report - CVE-2022-2196

A vulnerability was identified in the remote desktop licensing software that is present on certain versions of Microsoft Windows and Windows Server operating systems. This vulnerability can allow an attacker to consume a license that was intended for another remote user.
The vulnerability would be exploited if a user has multiple remote desktop sessions open at the same time. Specifically, the licensing software in these instances may end up disclosing a remote user’s information to a different remote user. In general, this issue could be used by an attacker to gain unauthorized access to a specific computer or remotely read sensitive information from another computer.

Timeline

Published on: 01/11/2022 21:15:00 UTC
Last modified on: 01/21/2022 03:06:00 UTC

References