cbcvebase.
CVE-2020-0734
published 2020-02-11

CVE-2020-0734: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote…

PriorityP258high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
15.91%
96.5th percentile
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0681.

Affected

63 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10_version_1903_for_32-bit_systems

Detection & IOCsextracted from sources · hover to see the quote

  • Exploitation requires a user to connect to a malicious Remote Desktop Server; monitor for RDP client connections to unknown or external RDP servers as a potential indicator of exploitation attempts.
  • Attacker attack vectors include social engineering, DNS poisoning, or Man-in-the-Middle (MITM) techniques to redirect RDP clients to a malicious server; monitor for DNS anomalies and unexpected RDP redirections.
  • Attacker may compromise a legitimate RDP server and host malicious code on it; monitor legitimate RDP servers for unexpected code or configuration changes.
  • ·CVE-2020-0734 is rated 'Exploitation More Likely' for both latest and older software releases, indicating elevated risk despite no known active exploitation at time of disclosure.
  • ·The vulnerability is in the Windows Remote Desktop Client (not the server); only systems acting as RDP clients connecting outbound are at risk.
  • ·CVE-2020-0734 is distinct from CVE-2020-0681, which is a separate RDP Client RCE patched in the same February 2020 Patch Tuesday cycle.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.5HIGH
vendor_oracle5.1MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.