CVE-2014-0296 — Microsoft Windows Server 2012 vulnerability

CWE-3104 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

29.9%

top 3.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2012

Timeline

PublishedJun 11

Latest updateMay 14

Description

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly encrypt sessions, which makes it easier for man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify session content by sending crafted RDP packets, aka "RDP MAC Vulnerability."

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-f7vq-648f-8pfh: The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8↗2022-05-14

▶

🕵️Threat Intelligence

Talos

Microsoft Update Tuesday June 2014: Internet Explorer, Internet Explorer, Internet Explorer↗2014-06-10

▶

Talos

Microsoft Update Tuesday June 2014: Internet Explorer, Internet Explorer, Internet Explorer↗2014-06-10

▶