PT-2016-1992 · Microsoft · Windows Server 2012+5

Published: 2016-05-10 · Updated: 2018-10-12 · CVE-2016-0190

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Volume Manager Driver in Microsoft Windows versions 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1

Description

The issue is related to the lack of user verification when accessing the RemoteFX RDP USB function. This allows a local attacker to read arbitrary files on disks by sending requests to RemoteFX. The vulnerability can be exploited to obtain sensitive information and affect the system.

Recommendations

For Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, consider restricting access to the RemoteFX RDP USB function until a patch is available. As a temporary workaround, consider disabling the RemoteFX feature to minimize the risk of exploitation. Avoid using the RemoteFX RDP USB disk access functionality in sensitive environments until the issue is resolved.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

BDU:2016-01326
CVE-2016-0190

Affected Products

RemoteFX
Volume Manager Driver
Windows
Windows 8.1
Windows RT 8.1
Windows Server 2012