CVE-2016-0019
published 2016-01-13CVE-2016-0019: The Remote Desktop Protocol (RDP) service implementation in Microsoft Windows 10 Gold and 1511 allows remote attackers to bypass intended access restrictions…
PriorityP354high8.1CVSS 3.0
AVNACHPRNUINSUCHIHAH
EPSS
12.54%
95.7th percentile
The Remote Desktop Protocol (RDP) service implementation in Microsoft Windows 10 Gold and 1511 allows remote attackers to bypass intended access restrictions and establish sessions for blank-password accounts via a modified RDP client, aka "Windows Remote Desktop Protocol Security Bypass Vulnerability."
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| msrc | windows_10_for_32-bit_systems | — | — |
| msrc | windows_10_for_x64-based_systems | — | — |
| msrc | windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | windows_10_version_1511_for_x64-based_systems | — | — |
CVSS provenance
nvdv3.08.1HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc8.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VMware
VMware Workstation and Fusion updates address critical out-of-bounds memory access vulnerability
vendor_vmware·2016-11-13·CVSS 8.8
CVE-2016-7461 [HIGH] VMware Workstation and Fusion updates address critical out-of-bounds memory access vulnerability
VMSA-2016-0019: VMware Workstation and Fusion updates address critical out-of-bounds memory access vulnerability
a. VMware Workstation and Fusion out-of-bounds memory access vulnerability The drag-and-drop (DnD) function in VMware Workstation and Fusion has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
CVEs: CVE-2016-7461
Affected products: ESXi, Fusion Pro, VMware Fusion, VMware Workstation, Workstation Player, Workstation Pro
Microsoft
CVE-2016-0019: Impact: Security Feature Bypass
Exploit Status: Publicly Disclosed:No;Exploited:No
vendor_msrc·2016-01-12·CVSS 8.1
CVE-2016-0019 [HIGH] CVE-2016-0019: Impact: Security Feature Bypass
Exploit Status: Publicly Disclosed:No;Exploited:No
Impact: Security Feature Bypass
Exploit Status: Publicly Disclosed:No;Exploited:No
GHSA
GHSA-g267-2c4w-9f6x: The Remote Desktop Protocol (RDP) service implementation in Microsoft Windows 10 Gold and 1511 allows remote attackers to bypass intended access restr
ghsa_unreviewed·2022-05-14
CVE-2016-0019 [HIGH] GHSA-g267-2c4w-9f6x: The Remote Desktop Protocol (RDP) service implementation in Microsoft Windows 10 Gold and 1511 allows remote attackers to bypass intended access restr
The Remote Desktop Protocol (RDP) service implementation in Microsoft Windows 10 Gold and 1511 allows remote attackers to bypass intended access restrictions and establish sessions for blank-password accounts via a modified RDP client, aka "Windows Remote Desktop Protocol Security Bypass Vulnerability."
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - January 2016
blogs_talos·2016-01-12·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - January 2016
The first Patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is relatively light with nine bulletins addressing 25 vulnerabilities. Six bulletins are rated critical and address vulnerabilities in Edge, Internet Explorer, JScript/VBScript, Office, Silverlight, and Windows. The remaining three bulletins are rated important and address vulnerabilities in Exchange and several parts of Windows.
### Bulletins Rated Critical Microsoft bulletins MS16-001 through MS16-0006 are rated as critical in this month's release.
MS16-001 and MS16-002 are this month's Internet Explorer and Edge security bulletin respectively. In total, four vulnerabilities were addre
Talos
Microsoft Patch Tuesday - January 2016
blogs_talos·2016-01-12·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - January 2016
## Microsoft Patch Tuesday - January 2016
The first Patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is relatively light with nine bulletins addressing 25 vulnerabilities. Six bulletins are rated critical and address vulnerabilities in Edge, Internet Explorer, JScript/VBScript, Office, Silverlight, and Windows. The remaining three bulletins are rated important and address vulnerabilities in Exchange and several parts of Windows.
## Bulletins Rated Critical Microsoft bulletins MS16-001 through MS16-0006 are rated as critical in this month's release.
MS16-001 and MS16-002 are this month's Internet Explorer and Edge security bulletin respectively.
2016-01-13
Published