PT-2024-9327 · Microsoft · Remote Desktop+1

Naceri

Published

2024-12-10

Updated

2025-01-15

CVE-2024-49105

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Microsoft Remote Desktop versions prior to 1.2.5807

Description: The issue is related to a remote code execution vulnerability in the Remote Desktop Client, which is associated with inadequate access control. This vulnerability can be exploited by a remote attacker to execute arbitrary code.

Recommendations: For versions prior to 1.2.5807, update to version 1.2.5807 or later to resolve the issue. As a temporary workaround, consider restricting access to the Remote Desktop Client until a patch is applied. Ensure all systems are patched with the latest security updates.

Fix

RCE

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2024-11017

CVE-2024-49105

Affected Products

Remote Desktop

Windows

PT-2024-9327 · Microsoft · Remote Desktop+1

CVE-2024-49105

Weakness Enumeration

Related Identifiers

Affected Products

References · 12