CVE-2020-16863

Опубликовано: 16 окт. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Средний

Описание

A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the Remote Desktop Service on the target system to stop responding.

To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Service.

The update addresses the vulnerability by correcting how Remote Desktop Service handles connection requests.

Ссылки

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16863
Patch
Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16863
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

EPSS

Процентиль: 95%

0.16524

Средний

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-16863

CVSS3: 7.5

msrc

больше 4 лет назад

Windows Remote Desktop Service Denial of Service Vulnerability

GHSA-69gr-hfqx-6mvx

CVSS3: 7.5

github

около 3 лет назад

A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Service Denial of Service Vulnerability'.

BDU:2020-04715

CVSS3: 7.5

fstec

больше 4 лет назад

Уязвимость службы удаленного рабочего стола Remote Desktop Services (RDS) операционных систем Windows, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 95%

0.16524

Средний

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

NVD-CWE-noinfo