PT-2017-10460 · Microsoft · Windows COM Aggregate Marshaler

Published: 2017-05-09 · Updated: 2026-01-27 · CVE-2017-0213

CVSS v3.1: 7.3 (High)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions prior to the fixed version:

Windows Server 2008 SP2 and R2 SP1
Windows 7 SP1
Windows 8.1
Windows Server 2012 Gold and R2
Windows RT 8.1
Windows 10 Gold, 1511, 1607, and 1703
Windows Server 2016

Description

An elevation-of-privilege issue allows attackers to affect the system. The vulnerability can be exploited by running a specially crafted application. It is used by Iranian hackers with low hacking skills, who gain access to systems by scanning for open RDP ports and attempting to brute-force credentials. If they succeed, they try to use the vulnerability to elevate privileges. The hackers primarily target systems in Russia, Japan, China, and India, taking advantage of poorly configured RDP connections resulting from the increase in remote work caused by the pandemic.

Recommendations

For Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, update to a newer version that contains a fix for this issue.

As a temporary workaround, consider restricting access to the Windows COM Aggregate Marshaler to minimize the risk of exploitation.

Restrict access to open RDP ports to prevent brute-force attacks.

Use strong credentials and enable additional security measures to prevent unauthorized access.


Weakness Enumeration

Related Identifiers

BDU:2026-04574
CVE-2017-0213

Affected Products

RDP
Windows
Windows 10
Windows 7
Windows 8.1
Windows COM Aggregate Marshaler
Windows RT 8.1
Windows Server 2008
Windows Server 2012
Windows Server 2016