CVE-2016-0019 — Microsoft Windows 10 vulnerability

CWE-2546 documents5 sources

Severity

8.1HIGHNVD

EPSS

9.9%

top 6.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Msrc Windows 10 FOR 32-bit Systems Msrc Windows 10 FOR X64-based Systems +2 more

Timeline

PublishedJan 13

Latest updateMay 14

Description

The Remote Desktop Protocol (RDP) service implementation in Microsoft Windows 10 Gold and 1511 allows remote attackers to bypass intended access restrictions and establish sessions for blank-password accounts via a modified RDP client, aka "Windows Remote Desktop Protocol Security Bypass Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages5 packages

▶NVDmicrosoft/windows_101511

▶msrcmsrc/windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/windows_10_version_1511_for_x64-based_systems

▶msrcmsrc/windows_10_for_32-bit_systems

▶msrcmsrc/windows_10_for_x64-based_systems

🔴Vulnerability Details

GHSA

GHSA-g267-2c4w-9f6x: The Remote Desktop Protocol (RDP) service implementation in Microsoft Windows 10 Gold and 1511 allows remote attackers to bypass intended access restr↗2022-05-14

▶

📋Vendor Advisories

VMware

VMware Workstation and Fusion updates address critical out-of-bounds memory access vulnerability↗2016-11-13

▶

Microsoft

CVE-2016-0019: Impact: Security Feature Bypass Exploit Status: Publicly Disclosed:No;Exploited:No↗2016-01-12

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - January 2016↗2016-01-12

▶

Talos

Microsoft Patch Tuesday - January 2016↗2016-01-12

▶