Windows 7/8 32bits and WS2012 RDP Remote Code Execution

2015.07.15
Credit: Anonymous
Risk: High
Local: No
Remote: Yes
CWE: CWE-19


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with the Remote Desktop Protocol (RDP) server service enabled. By default, the RDP server service is not enabled on any Windows operating system. Systems that do not have the RDP server service enabled are not at risk. This security update is rated Critical for Windows 7 for 32-bit Systems and Windows 8 for 32-bit Systems. Vulnerability Information A remote code execution vulnerability exists in how the Remote Desktop Protocol (RDP) (terminal) service handles packets. While the most likely outcome of this vulnerability is denial of the remote desktop (terminal) service (DOS), remote code execution is possible. To exploit the vulnerability, an attacker could send a specially crafted sequence of packets to a system running the RDP server service. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerability by modifying how the terminal service handles packets. Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers. More: https://technet.microsoft.com/en-us/library/security/MS15-067

References:

https://technet.microsoft.com/en-us/library/security/MS15-067
https://support.microsoft.com/en-us/kb/3073094


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top