CVE-2020-0681 — Improper Input Validation in Microsoft Windows
Severity
8.8HIGHNVD
NVD7.5CNA7.5
EPSS
6.2%
top 9.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 11
Latest updateMay 24
Description
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0734.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9
Affected Packages10 packages
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-g4hw-72p4-g688: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Clie↗2022-05-24
GHSA▶
GHSA-g66c-25c2-m5h7: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Clie↗2022-05-24
CVEList▶
CVE-2020-0734: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Clie↗2020-02-11
CVEList▶
CVE-2020-0681: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Clie↗2020-02-11
📋Vendor Advisories
1🕵️Threat Intelligence
7Tenable▶
Microsoft’s February 2020 Patch Tuesday Addresses 99 CVEs Including Internet Explorer Zero-Day (CVE-2020-0674)↗2020-02-11
Qualys▶
February 2020 Patch Tuesday – 99 Vulns, 12 Critical, Patch for IE 0-Day, Exchange Vuln, Adobe Vulns↗2020-02-11
Qualys▶
February 2020 Patch Tuesday – 99 Vulns, 12 Critical, Patch for IE 0-Day, Exchange Vuln, Adobe Vulns | Qualys↗2020-02-11