CVE-2023-29352

MEDIUM6.5JSON export Create alert

Description

Windows Remote Desktop Security Feature Bypass Vulnerability

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

E

Unchanged

RL

O

RC

Changed

Affected products

Microsoft / Remote Desktop client for Windows Desktop1.2.0.0 – 1.2.4337.0
Microsoft / Windows 10 Version 180910.0.17763.0 – 10.0.17763.4499
Microsoft / Windows 10 Version 21H210.0.19043.0 – 10.0.19044.3086
Microsoft / Windows 10 Version 22H210.0.19045.0 – 10.0.19045.3086
Microsoft / Windows 11 version 21H210.0.0 – 10.0.22000.2057
Microsoft / Windows 11 version 22H210.0.22621.0 – 10.0.22621.1848
Microsoft / Windows Server 201910.0.17763.0 – 10.0.17763.4499
Microsoft / Windows Server 2019 (Server Core installation)10.0.17763.0 – 10.0.17763.4499
Microsoft / Windows Server 202210.0.20348.0 – 10.0.20348.1787

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29352