CVE-2022-26940: Remote Desktop Protocol Client Information Disclosure Vulnerability

Overview

Severity

Medium (CVSS 6.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Category

Information Disclosure

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2022-May

Released

2022-05-10

EPSS Score

16.35% (percentile: 94.9%)

FAQ

What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

Affected Products (5)

Windows

• Remote Desktop client for Windows Desktop
• Windows Server 2022
• Windows Server 2022 (Server Core installation)
• Windows 11 version 21H2 for x64-based Systems
• Windows 11 version 21H2 for ARM64-based Systems

Security Updates (3)

• Release Notes
• 5013944
• 5013943

Acknowledgments

bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a>

Revision History

• 2022-05-10: Information published.