Microsoft Remote Desktop Client Remote Code Execution Vulnerability [CVE-2021-38666]

November 22, 2021 Duncan 2056 Views 0 Comments CVE-2021-38666, Cyber Security, Microsoft, RDP 0 min read

CVE number -= CVE-2021-38666

In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available.

See https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38666 for updates and further information.

Duncan

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Microsoft Remote Desktop Client Remote Code Execution Vulnerability [CVE-2021-38666]

Like this:

Related Posts

Duncan

Leave a ReplyCancel reply

Share this:

Like this:

Related Posts

Duncan

Leave a ReplyCancel reply