The Windows Remote Desktop client for Windows installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21990) - An information disclosure vulnerability An authenticated, remote attacker can exploit this, via [VECTOR], to read small portions of heap memory. (CVE-2022-24503) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Remote Desktop Protocol Client Information Disclosure Vulnerability
Microsoft Remote Desktop Client Remote Code Execution (CVE-2022-21990)
March 2022 Patch Tuesday: Microsoft Releases 92 Vulnerabilities with 3 Critical; Adobe Releases 3 Advisories, 6 Vulnerabilities with 5 Critical.
Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday
KB5011495: Windows 10 Version 1607 and Windows Server 2016 Security Update (March 2022)
KB5011503: Windows 10 version 1809 / Windows Server 2019 Security Update (March 2022)
KB5011487: Windows 10 Version 20H2 / Windows 10 Version 21H1 / Windows 10 Version 21H2 Security Update (March 2022)
Microsoft addressed three zero-day vulnerabilities March 2022 Patch Tuesday Update
Update now! Microsoft patches three zero-day vulnerabilities on Patch Tuesday
Critical Security Patches Issued by Microsoft, Adobe and Other Major Software Firms
Microsoft Patch Tuesday March 2022
Patch Tuesday - March 2022