CVE-2022-22017
Published 2022-05-10
CVE-2022-22017: Remote Desktop Client Remote Code Execution Vulnerability
Priority P264 · high · 8.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 37.10% (98.3th percentile)
Remote Desktop Client Remote Code Execution Vulnerability
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | remote_desktop_client_for_windows_desktop | >= 1.2.0.0 < 1.2.3130 | 1.2.3130 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.675 | 10.0.22000.675 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.707 | 10.0.20348.707 |
| msrc | remote_desktop_client_for_windows_desktop | — | — |
| msrc | windows_11_version_21h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_21h2_for_x64-based_systems | — | — |
| msrc | windows_server_2022 | — | — |
Detection & IOCs
- Attacker must control a malicious RDP server that a victim connects to; monitor for outbound RDP connections to untrusted/external hosts, particularly on TCP 3389
- Exploitation assessed as 'More Likely' for both latest and older software releases; prioritize detection and patching of Remote Desktop Client across all supported versions
- Social engineering is the initial vector; alert on user-initiated RDP client connections to external or newly-seen RDP endpoints
- This is a client-side RCE triggered when the victim connects outbound to a malicious RDP server; the attack surface is the Remote Desktop Client, not the RDP server/listener
- Customer action is required; patching alone is insufficient without ensuring users do not connect to untrusted RDP servers
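CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| cisa | — | 5.3 | MEDIUM | — |
| vendor_msrc | — | 8.8 | HIGH | — |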
Microsoft
Remote Desktop Client Remote Code Execution Vulnerability
vendor_msrc·2022-05-10·CVSS 8.8
CVE-2022-22017 [HIGH] Remote Desktop Client Remote Code Execution Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
FAQ: How would an attacker exploit this vulnerability?
An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user.
Remote Desktop Client: Remote Desktop Client
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation More Likely; Older Software Release: Exploitation More Likely
Remediation: Release Notes
Reference: https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/windowsdesktop-whatsnew#updates-for-version-123130
Reference: https://cat
CISA
VMware vCenter Server Improper Access Control
cisa·2022-01-10·CVSS 5.3
CVE-2021-22017 [MEDIUM] CWE-23 VMware vCenter Server Improper Access Control
Vulnerability: VMware vCenter Server Improper Access Control
Affected: VMware vCenter Server
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-22017
Remediation Due Date: 2022-01-24
GHSA
GHSA-xwch-gx2x-qj27: Remote Desktop Client Remote Code Execution Vulnerability
ghsa_unreviewed·2022-05-11
CVE-2022-22017 [HIGH] GHSA-xwch-gx2x-qj27: Remote Desktop Client Remote Code Execution Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability.
No detection rules found.
No public exploits indexed.
Qualys
May 2022 Patch Tuesday | Microsoft Releases 75 Vulnerabilities With 8 Critical; Adobe Releases 5 Advisories, 18 Vulnerabilities With 16 Critical.
blogs_qualys·2022-05-10·CVSS 5.6
[MEDIUM] May 2022 Patch Tuesday | Microsoft Releases 75 Vulnerabilities With 8 Critical; Adobe Releases 5 Advisories, 18 Vulnerabilities With 16 Critical.
## Microsoft Patch Tuesday Summary
Microsoft has fixed 75 vulnerabilities in the May 2022 update, including one advisory (ADV220001) for Azure in response to CVE-2022-29972, a publicly exposed Zero-Day Remote Code Execution (RCE) Vulnerability, and eight vulnerabilities classified as critical as they allow Remote Code Execution (RCE) or Elevation of Privileges. This month
Crowdstrike
May 2022 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] May 2022 Patch Tuesday: Updates and Analysis
2022-05-10
Published