CVE-2018-0976 : A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when a

A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Published 2018-04-12 01:29:08

Updated 2019-10-03 00:03:26

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2018-0976

Microsoft » Windows Server 2008 » Version: R2 Update SP1
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » Version: N/A Update SP1
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8.1
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Rt 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: N/A
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1511
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1703
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1709
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: 1709
cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-0976

EPSS FAQ

9.96%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 92 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-0976

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	AV:N/AC:M/Au:S/C:N/I:N/A:P	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.3	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H	1.6	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

References for CVE-2018-0976

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0976

CVE-2018-0976 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
Patch;Vendor Advisory
http://www.securityfocus.com/bid/103651

Microsoft Windows Remote Desktop Protocol CVE-2018-0976 Denial of Service Vulnerability
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1040658

Windows Remote Desktop Connection Request Processing Flaw Lets Remote Users Cause the Target Service to Crash - SecurityTracker
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2018-0976

Products affected by CVE-2018-0976

Exploit prediction scoring system (EPSS) score for CVE-2018-0976

CVSS scores for CVE-2018-0976

References for CVE-2018-0976