Description
Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability
FAQ
How could an attacker exploit this vulnerability?
When a Microsoft Remote Desktop app for Windows client connects to the server and the user saves the self-signed certificate, the serial number is used to compare the certificate for future use. An attacker could swap in a forged certificate with the same serial number, resulting in a machine-in-the-middle (MITM) attack.
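Added illustration, not code from Microsoft or from the app: it puts the serial-number-only comparison described above next to a comparison over a SHA-256 digest of the whole encoded certificate. The certificates are constructed, unsigned DER skeletons, and the function names (make_cert, serial_of, weak_match, pinned_match) are hypothetical.

```python
import hashlib
import hmac

def tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER element; short-form lengths are enough for this demo."""
    if len(body) > 127:
        raise ValueError("long-form lengths are outside this demo")
    return bytes([tag, len(body)]) + body

def make_cert(serial: int, public_key: bytes) -> bytes:
    """Constructed, unsigned X.509-shaped skeleton (not a real certificate)."""
    version = tlv(0xA0, tlv(0x02, b"\x02"))  # [0] EXPLICIT INTEGER 2 (v3)
    number = tlv(0x02, serial.to_bytes(serial.bit_length() // 8 + 1, "big"))
    key = tlv(0x03, b"\x00" + public_key)  # BIT STRING standing in for the key
    return tlv(0x30, tlv(0x30, version + number + key))

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, body, next_pos) for the short-form element at pos."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form element")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("element runs past the buffer")
    return buf[pos], buf[pos + 2:end], end

def serial_of(cert_der: bytes) -> int:
    """Walk Certificate -> tbsCertificate -> [0] version -> serialNumber."""
    _, cert_body, _ = read_tlv(cert_der)
    _, tbs, _ = read_tlv(cert_body)
    _, _, pos = read_tlv(tbs)  # skip the version element
    tag, body, _ = read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return int.from_bytes(body, "big")

def weak_match(saved: bytes, presented: bytes) -> bool:
    """Serial-number-only comparison, as the advisory describes."""
    return serial_of(saved) == serial_of(presented)

def pinned_match(saved: bytes, presented: bytes) -> bool:
    """Compare SHA-256 over the whole encoding, so every field is covered."""
    return hmac.compare_digest(hashlib.sha256(saved).digest(),
                               hashlib.sha256(presented).digest())

SERIAL = 0x5A17C0DE0BADF00D  # constructed value
SAVED = make_cert(SERIAL, bytes(range(32)))  # what the user accepted
OTHER = make_cert(SERIAL, bytes(range(32, 64)))  # same serial, different key

print(weak_match(SAVED, OTHER), pinned_match(SAVED, OTHER))
```

The serial number is a single issuer-chosen field, so two certificates with different keys can carry the same value; a digest over the full encoding changes when any field does.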
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could recover plaintext from TLS-protected data.
How do I get the update for a Windows App?
The Microsoft Store will automatically update affected customers.
It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: Get updates for apps and games in Microsoft Store. Be sure to select the tab for the operating system installed on your device to search for updates.
Updates
| Product | Article | Update |
|---|---|---|
| Microsoft Remote Desktop |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
5.3 Medium
CVSS3
Related vulnerabilities
Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability
Vulnerability in the Microsoft Remote Desktop app for Windows that allows an attacker to disclose protected information