CVE-2020-0660Improper Input Validation in Microsoft Windows

CWE-20Improper Input Validation8 documents7 sources
Severity
7.5HIGHNVD
EPSS
7.6%
top 8.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Microsoft WindowsMicrosoft Windows 10 Version 1903 FOR 32-bit SystemsMicrosoft Windows 10 Version 1903 FOR Arm64-based Systems+8 more
Timeline
PublishedFeb 11
Latest updateMay 24

Description

A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-m7xp-6h5p-h737: A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially2022-05-24
CVEList
CVE-2020-0660: A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially2020-02-11

📋Vendor Advisories

1
Microsoft
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability2020-02-11

🕵️Threat Intelligence

4
Trendmicro
Patch Tuesday: Fixes for LNK, RDP, and Trident2020-02-12
Tenable
Microsoft’s February 2020 Patch Tuesday Addresses 99 CVEs Including Internet Explorer Zero-Day (CVE-2020-0674)2020-02-11
Talos
Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage2020-02-11
Talos
Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage2020-02-11
CVE-2020-0660 — Improper Input Validation in Microsoft | cvebase