Andrew Burkhardt

**Name of the Vulnerable Software and Affected Versions** Windows Remote Desktop Services (affected versions not specified) **Description** A remote code execution issue exists in Remote Desktop Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This issue is pre-authentication and requires no user interaction, allowing an attacker to execute arbitrary code on the target system. The attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. To exploit this issue, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.