A remote code execution vulnerability has been discovered in the version of RDC (Remote Desktop Client) running on Windows 7 Service Pack 1 systems. This vulnerability allows an attacker to remotely execute code on the system with privileged access to the system. This vulnerability is the result of RDC improperly handling the parsing of certain specially crafted network traffic. An attacker could exploit this vulnerability by sending specially crafted network traffic to the RDC server and convincing a user to interact with the malicious network traffic.
This vulnerability appears to be unique to Windows 7 Service Pack 1 systems and is not present in Windows XP or Windows Server 2008 systems. Therefore, IT professionals will want to ensure that all of their RDC-enabled systems are running Windows 7 Service Pack 1.
A patch has been released from Microsoft to address this vulnerability. Microsoft recommends that all users apply this patch as soon as possible. End users should ensure that their RDC-enabled systems are running Windows 7 Service Pack 1.

Vulnerability Description

A remote code execution vulnerability has been discovered in the version of RDC (Remote Desktop Client) running on Windows 7 Service Pack 1 systems. This vulnerability allows an attacker to remotely execute code on the system with privileged access to the system. This vulnerability is the result of RDC improperly handling the parsing of certain specially crafted network traffic. An attacker could exploit this vulnerability by sending specially crafted network traffic to the RDC server and convincing a user to interact with the malicious network traffic.
This vulnerability appears to be unique to Windows 7 Service Pack 1 systems and is not present in Windows XP or Windows Server 2008 systems. Therefore, IT professionals will want to ensure that all of their RDC-enabled systems are running Windows 7 Service Pack 1.
A patch has been released from Microsoft to address this vulnerability. Microsoft recommends that all users apply this patch as soon as possible.

Summary of This Vulnerability

A remote code execution vulnerability has been discovered in the version of RDC (Remote Desktop Client) running on Windows 7 Service Pack 1 systems. This vulnerability allows an attacker to remotely execute code on the system with privileged access to the system. An attacker could exploit this vulnerability by sending specially crafted network traffic to the RDC server and convincing a user to interact with the malicious network traffic.
This vulnerability appears to be unique to Windows 7 Service Pack 1 systems and is not present in Windows XP or Windows Server 2008 systems. Therefore, IT professionals will want to ensure that all of their RDC-enabled systems are running Windows 7 Service Pack 1.
A patch has been released from Microsoft to address this vulnerability. Microsoft recommends that all users apply this patch as soon as possible. End users should ensure that their RDC-enabled systems are running Windows 7 Service Pack 1.>>END>>

CVE-2023-22017

A remote code execution vulnerability has been discovered in the version of RDC (Remote Desktop Client) running on Windows Embedded Standard 7 systems. This vulnerability allows an attacker to remotely execute code on the system with privileged access to the system. This vulnerability is the result of RDC improperly handling the parsing of certain specially crafted network traffic. An attacker could exploit this vulnerability by sending specially crafted network traffic to the RDC server and convincing a user to interact with the malicious network traffic.
This vulnerability appears to be unique to Windows Embedded Standard 7 systems and is not present in Windows XP or Windows Server 2008 systems. Therefore, IT professionals will want to ensure that all of their RDC-enabled systems are running Windows Embedded Standard 7.
A patch has been released from Microsoft to address this vulnerability. Microsoft recommends that all users apply this patch as soon as possible. End users should ensure that their RDC-enabled systems are running Windows Embedded Standard 7.

Timeline

Published on: 05/10/2022 21:15:00 UTC
Last modified on: 05/18/2022 18:15:00 UTC

References