PT-2024-5638 · Microsoft · Windows+1

Mas0N

Published

2024-08-13

Updated

2025-03-15

CVE-2024-38131

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Remote Desktop Client versions prior to 1.2.5620

Description The vulnerability is related to the Clipboard Virtual Channel Extension in Windows operating systems, which uses insecure mechanisms for handling authentication data in the operating system's memory. This allows a remote attacker to execute arbitrary code. The issue can be exploited by remote attackers to affect the system.

Recommendations Update the Microsoft Remote Desktop Client to at least version 1.2.5620 to fix the vulnerability. As a temporary workaround, consider restricting access to the Clipboard Virtual Channel Extension until the update is applied.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-591

Related Identifiers

BDU:2024-06351

CVE-2024-38131

Affected Products

Remote Desktop Client

Windows

PT-2024-5638 · Microsoft · Windows+1

CVE-2024-38131

Weakness Enumeration

Related Identifiers

Affected Products

References · 16