CVE-2023-35352 : Windows Remote Desktop Security Feature Bypass Vulnerability

Windows Remote Desktop Security Feature Bypass Vulnerability

Published 2023-07-11 18:15:19

Updated 2024-08-29 20:35:13

View at NVD, CVE.org

Products affected by CVE-2023-35352

Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2019 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2022 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

13.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	3.9	3.6	Microsoft Corporation
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35352

CVE-2023-35352 - Security Update Guide - Microsoft - Windows Remote Desktop Security Feature Bypass Vulnerability
Patch;Vendor Advisory

Jump to