CVE-2020-0734
Published: 2020-02-11
Priority: P2 · 58 · high · CVSS 3.1 base score 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 15.91% (96.5th percentile)
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0681.
Affected
63 ranges in the source, 25 shown in this extract; those 25 collapse to three distinct products, and no version-range or fixed-in data was captured for any of them.

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
Detection & IOCs (extracted from sources)
- Exploitation requires a user to connect to a malicious Remote Desktop server; monitor RDP client connections to unknown or external RDP servers as a potential indicator of exploitation attempts.
- Attack vectors include social engineering, DNS poisoning, or man-in-the-middle (MITM) techniques that redirect RDP clients to a malicious server; monitor for DNS anomalies and for RDP sessions that reach a different address than the name the user connected to.
- An attacker may also compromise a legitimate RDP server and host malicious code on it, so a connection to a known server is not by itself proof of safety; monitor legitimate RDP servers for unexpected code or configuration changes.
- CVE-2020-0734 is rated 'Exploitation More Likely' for both latest and older software releases, indicating elevated risk despite no known active exploitation at the time of disclosure.
- The vulnerability is in the Windows Remote Desktop Client (not the server); only systems acting as RDP clients connecting outbound are at risk, so patch priority belongs with the workstations and jump hosts from which users initiate RDP sessions.
- CVE-2020-0734 is distinct from CVE-2020-0681, a separate RDP Client RCE patched in the same February 2020 Patch Tuesday cycle.
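The bullets above describe two signals: an RDP client reaching a server outside the expected set, and a sanctioned server name that lands on an unexpected address (the DNS-poisoning or MITM redirection case). The following is an added example, not code from the page or from any vendor, of running both checks over constructed telemetry. The records imitate Sysmon Event ID 3 (network connection) fields and the Microsoft-Windows-TerminalServices-RDPClient/Operational events 1024 (client attempting to connect to a server name) and 1102 (client opened a transport connection to an IP); the hostnames, addresses, allowlist and expected name-to-IP map are hypothetical.

```python
"""Hunt for RDP client connections to servers we did not expect. CVE-2020-0734 is a
client-side bug, so the signal is an outbound RDP session, not an inbound one.

Constructed sample data: the records below imitate Sysmon Event ID 3 (network
connection) fields and Microsoft-Windows-TerminalServices-RDPClient/Operational
events 1024 (client is trying to connect to a server name) and 1102 (client opened
a transport connection to an IP). Hostnames, IPs, the allowlist and the expected
name->IP map are hypothetical.
"""
import ipaddress
from dataclasses import dataclass

RDP_PORT = 3389

# Hypothetical allowlist: networks where this fleet's RDP servers live ...
ALLOWED_RDP_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("192.168.0.0/16")]
# ... and the address each sanctioned RDP host is expected to resolve to.
EXPECTED_RDP_HOSTS = {"ts01.corp.example": "10.10.5.20",
                      "jump.corp.example": "10.10.5.21"}


@dataclass
class Finding:
    computer: str
    reason: str
    detail: str


def check_network_events(events):
    """Sysmon-style connection records: flag mstsc.exe, or any process on tcp/3389,
    reaching an address outside the allowed networks (an unknown or external server)."""
    findings = []
    for e in events:
        is_mstsc = e["Image"].lower().endswith("mstsc.exe")
        if not is_mstsc and e["DestinationPort"] != RDP_PORT:
            continue
        dst = ipaddress.ip_address(e["DestinationIp"])
        if dst.is_loopback:
            continue
        if not any(dst in net for net in ALLOWED_RDP_NETS):
            findings.append(Finding(e["Computer"], "rdp_client_to_external_server",
                                    f"{e['Image']} -> {dst}:{e['DestinationPort']}"))
    return findings


def check_rdpclient_events(events):
    """RDPClient operational log: pair each 1024 (name the user connected to) with the
    following 1102 (IP actually reached) on the same computer. A sanctioned name that
    lands on an unexpected IP is the DNS-poisoning / MITM redirection signal; a name
    with no record at all is an unknown server."""
    findings = []
    pending = {}  # computer -> server name from its most recent 1024 event
    for e in events:
        if e["EventID"] == 1024:
            pending[e["Computer"]] = e["Server"]
        elif e["EventID"] == 1102:
            name = pending.pop(e["Computer"], None)
            if name is None:  # 1102 without a preceding 1024: nothing to compare against
                continue
            ip = e["Server"]
            expected = EXPECTED_RDP_HOSTS.get(name)
            if expected is None:
                findings.append(Finding(e["Computer"], "rdp_to_unknown_server",
                                        f"{name} ({ip})"))
            elif expected != ip:
                findings.append(Finding(e["Computer"], "rdp_resolution_mismatch",
                                        f"{name} expected {expected}, reached {ip}"))
    return findings


# Constructed sample events (not real telemetry).
SYSMON_EVENTS = [
    {"Computer": "WS01", "Image": r"C:\Windows\System32\mstsc.exe",
     "DestinationIp": "10.10.5.20", "DestinationPort": 3389},     # sanctioned server
    {"Computer": "WS02", "Image": r"C:\Windows\System32\mstsc.exe",
     "DestinationIp": "203.0.113.45", "DestinationPort": 3389},   # external server
    {"Computer": "WS03", "Image": r"C:\Users\bob\Downloads\wfreerdp.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": 3389},   # third-party client, external
    {"Computer": "WS01", "Image": r"C:\Program Files\Browser\browser.exe",
     "DestinationIp": "203.0.113.9", "DestinationPort": 443},     # not RDP, ignored
]
RDPCLIENT_EVENTS = [
    {"Computer": "WS01", "EventID": 1024, "Server": "ts01.corp.example"},
    {"Computer": "WS01", "EventID": 1102, "Server": "10.10.5.20"},    # resolves as expected
    {"Computer": "WS04", "EventID": 1024, "Server": "jump.corp.example"},
    {"Computer": "WS04", "EventID": 1102, "Server": "203.0.113.45"},  # redirected elsewhere
    {"Computer": "WS05", "EventID": 1024, "Server": "203.0.113.77"},
    {"Computer": "WS05", "EventID": 1102, "Server": "203.0.113.77"},  # unknown server
]

if __name__ == "__main__":
    for f in check_network_events(SYSMON_EVENTS) + check_rdpclient_events(RDPCLIENT_EVENTS):
        print(f"{f.computer}: {f.reason}: {f.detail}")
```

The process-name match on mstsc.exe misses other hosts of the RDP client control (third-party or store clients), which is why the first check also keys on the destination port and the second check works from the RDPClient log rather than the process name. Neither check catches the third bullet, a legitimate server that has been compromised; that needs integrity monitoring on the server side.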
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_msrc | — | 7.5 | HIGH | — |
GHSA
GHSA-g4hw-72p4-g688 (CVE-2020-0734, HIGH, CWE-20) · ghsa_unreviewed · 2022-05-24 · CVSS 7.5
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0681.
GHSA
GHSA-g66c-25c2-m5h7 (CVE-2020-0681, HIGH, CWE-20) · ghsa_unreviewed · 2022-05-24 · CVSS 8.8
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0734.
Microsoft
Remote Desktop Client Remote Code Execution Vulnerability (CVE-2020-0734, HIGH) · vendor_msrc · 2020-02-11 · CVSS 7.5
Description: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server, they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker
No detection rules found.
No public exploits indexed.
Trend Micro
Patch Tuesday: Fixes for LNK, RDP, and Trident (HIGH) · blogs_trendmicro · 2020-02-12 · CVSS 7.5
Exploits & Vulnerabilities
# Patch Tuesday: Fixes for LNK, RDP, and Trident
February Patch Tuesday brings an even wider range of fixes than January. It addresses a total of 99 vulnerabilities — including 12 classified as Critical. Only five of the vulnerabilities were made public before the patches were released.
By: Trend Micro
2020/02/12
The first Patch Tuesday of 2020 in January brought an unusually long list of patches, but February brings an even wider range of fixes that address a total of 99 vulnerabilities — including 12 classified as Critical, with the remaining 99 deemed Important. Only five of the vulnerabilities were made public before the patches were released; one of these was rated as Critical.
New Critical vulnerabilities of note inc
Tenable
Microsoft’s February 2020 Patch Tuesday Addresses 99 CVEs Including Internet Explorer Zero-Day (CVE-2020-0674) (HIGH) · blogs_tenable · 2020-02-11 · CVSS 7.5
Qualys
February 2020 Patch Tuesday – 99 Vulns, 12 Critical, Patch for IE 0-Day, Exchange Vuln, Adobe Vulns (HIGH) · blogs_qualys · 2020-02-11 · CVSS 8.8
This month’s Microsoft Patch Tuesday addresses 99 vulnerabilities with 12 of them labeled as Critical. Of the 12 Critical vulns, 7 are for browser and scripting engines, 2 are for Remote Desktop Client, and the remaining 3 are for LNK files, Media Foundation, and Windows. The IE 0-day disclosed in January is patched as part of the scripting engine fixes. Microsoft also issued a patch for an RCE in Exchange.
Adobe issued patches today for Experience Manager, Digital Editions, Flash Player, Acrobat/Reader, and Framemaker.
## Workstation Patches
The Scripting Engine, LNK files, and Media Foundation vulns in this release means that patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes mult
Talos
Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage (HIGH) · blogs_talos · 2020-02-11 · CVSS 8.8
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 98 vulnerabilities, 12 of which are considered critical and 84 that are considered important. There are also two bugs that were not assigned a severity.
This month's patches include updates to the Windows kernel, the Windows scripting engine and Remote Desktop Protocol, among other software and features. Microsoft also provided a critical advisory covering updates to Adobe Flash Player.
Talos released a new set of SNORTⓇ rules today that provide coverage for some of these vulnerabilities, which you can see here.
### Critical vulnerabilities
Microsoft disclosed 12 critical vulnerabilities this mo