Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-111436
HistoryJan 14, 2020 - 12:00 a.m.

Microsoft Windows Remote Desktop Web Access CVE-2020-0637 Information Disclosure Vulnerability

2020-01-1400:00:00
Symantec Security Response
www.symantec.com
72
JSON

Description

Microsoft Windows Remote Desktop Web Access is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.

Technologies Affected

  • Microsoft Windows Server 2008 R2 for x64-based Systems SP1
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2019

Recommendations

Block external access at the network boundary, unless external parties require service.
Filter access to the affected computer at the network boundary if global access isn’t required. Restricting access to only trusted computers and networks might greatly reduce the likelihood of exploits.

Run all software as a nonprivileged user with minimal access rights.
To mitigate the potential impact of a successful exploit, run the affected application as a user with minimal access rights.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for anomalous or suspicious activity. Monitor logs generated by NIDS and by the server itself for evidence of attacks against the server.

Updates are available. Please see the references or vendor advisory for more information.

Related

mscve 1
prion 1
cve 1
mskb 8
openvas 4
kaspersky 2
nessus 5
talosblog 1
mscve
mscve
Remote Desktop Web Access Information Disclosure Vulnerability
2020-01-14 08:00:00
prion
prion
Information disclosure
2020-01-14 23:15:00
cve
cve
CVE-2020-0637
2020-01-14 23:15:00
mskb
mskb
January 14, 2020—KB4534314 (Security-only update)
2020-01-14 08:00:00
January 14, 2020—KB4534310 (Monthly Rollup)
2020-01-14 08:00:00
January 14, 2020—KB4534288 (Security-only update)
2020-01-14 08:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4534310)
2020-01-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4534297)
2020-01-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4534273)
2020-01-15 00:00:00
kaspersky
kaspersky
KLA11703 Multiple vulnerabilities in Microsoft Products (ESU)
2020-01-14 00:00:00
KLA11639 Multiple vulnerabilities in Microsoft Windows
2020-01-14 00:00:00
nessus
nessus
KB4534314: Windows 7 and Windows Server 2008 R2 January 2020 Security Update
2020-01-14 00:00:00
KB4534309: Windows 8.1 and Windows Server 2012 R2 January 2020 Security Update
2020-01-14 00:00:00
KB4534288: Windows Server 2012 January 2020 Security Update
2020-01-14 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
2020-01-17 10:14:27
JSON
Related for SMNTC-111436
mscve1prion1cve1mskb8openvas4kaspersky2nessus5talosblog1