CVE-2020-0655: Remote Desktop Services Remote Code Execution Vulnerability

Overview

Severity
High (CVSS 8)
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Category
Remote Code Execution
Exploit Status
Not Exploited
Exploitation Likelihood
Less Likely
Patch Tuesday
2020-Feb
Released
2020-02-11
Last Updated
2021-12-14
EPSS Score
51.83% (percentile: 97.9%)

Description

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection. An attacker who successfully exploited this vulnerability could execute arbitrary code on the victim system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker must already have compromised a system running Remote Desktop Services, and then wait for a victim system to connect to Remote Desktop Services. The update addresses the vulnerability by correcting how Remote Desktop Services handles clipboard redirection.

Affected Products (45)

Windows

  • Windows 10 Version 1803 for 32-bit Systems
  • Windows 10 Version 1803 for x64-based Systems
  • Windows Server, version 1803 (Server Core Installation)
  • Windows 10 Version 1803 for ARM64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows 10 Version 1709 for 32-bit Systems
  • Windows 10 Version 1709 for x64-based Systems
  • Windows 10 Version 1709 for ARM64-based Systems
  • Windows 10 Version 1903 for 32-bit Systems
  • Windows 10 Version 1903 for x64-based Systems
  • Windows 10 Version 1903 for ARM64-based Systems
  • Windows Server, version 1903 (Server Core installation)
  • Windows 10 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows Server 2016
  • Windows Server 2016 (Server Core installation)
  • Windows 8.1 for 32-bit systems
  • Windows 8.1 for x64-based systems
  • Windows RT 8.1
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 R2 (Server Core installation)
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1909 for x64-based Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows Server, version 1909 (Server Core installation)
  • Windows Server 2022
  • Windows Server 2022 (Server Core installation)
  • Windows 11 for x64-based Systems
  • Windows 11 for ARM64-based Systems

ESU

  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Security Updates (16)

Acknowledgments

<a href="https://twitter.com/vv474172261">VictorV(Tangtianwen)</a> with Kunlun Lab, Eyal Itkin from Check Point Research

Revision History

  • 2020-02-11: Information published.
  • 2020-02-20: Updated acknowledgment.
  • 2021-12-14: The following revisions have been made: 1) In the Security Updates table, added Windows 11 for x64-based Systems, Windows 11 for ARM64-based Systems, Windows Server 2022, and Windows Server 2022 (Server Core installation) as these versions of Windows are affected by this vulnerability. Customers running Windows 11 or Windows Server 2022 should install the December 2021 security updates to be protected from this vulnerability. 2) Added an acknowledgement.