How could an attacker exploit this vulnerability?

When a Microsoft Remote Desktop app for Windows client connects to the server and the user saves the self-signed certificate, the serial number is used to compare the certificate for future use. An attacker could substitute a forged certificate with the same serial number, resulting in a machine-in-the-middle (MITM) attack.

What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could recover plaintext from TLS-protected data.

How do I get the update for a Windows App?

The Microsoft Store will automatically update affected customers. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: Get updates for apps and games in Microsoft Store. Be sure to select the tab for the operating system installed on your device to search for updates.
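The serial-number comparison described in the first answer above, shown beside a comparison over the whole certificate. This is an added example, not code from the advisory or from the Remote Desktop app; `PresentedCert`, `SavedCertStore`, the host name and the certificate bytes are constructed stand-ins, and the fingerprint check is one common way to pin a saved certificate, not a description of the actual fix.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class PresentedCert:
    """Constructed stand-in for a server certificate (no real X.509 parsing)."""
    serial: int  # serialNumber field: chosen freely by whoever creates the cert
    der: bytes   # full encoded certificate, which includes the public key

def fingerprint(cert: PresentedCert) -> str:
    """SHA-256 over the entire encoded certificate."""
    return hashlib.sha256(cert.der).hexdigest()

class SavedCertStore:
    """Hypothetical per-host record of certificates the user chose to save."""
    def __init__(self):
        self._saved = {}  # host -> (serial, sha256 fingerprint)

    def save(self, host: str, cert: PresentedCert) -> None:
        self._saved[host] = (cert.serial, fingerprint(cert))

    def check_serial_only(self, host: str, cert: PresentedCert) -> bool:
        """Weak form: the comparison the advisory describes."""
        saved = self._saved.get(host)
        return saved is not None and saved[0] == cert.serial

    def check_fingerprint(self, host: str, cert: PresentedCert) -> bool:
        """Hardened form: any change to the key or other fields changes the hash."""
        saved = self._saved.get(host)
        return saved is not None and hmac.compare_digest(saved[1], fingerprint(cert))

# Constructed sample data: same serial number, different key material.
HOST = "rdp.example.test"
GENUINE = PresentedCert(0x1A2B3C, b"constructed-cert|serial=1A2B3C|key=server-key")
SAME_SERIAL = PresentedCert(0x1A2B3C, b"constructed-cert|serial=1A2B3C|key=other-key")

def demo() -> dict:
    store = SavedCertStore()
    store.save(HOST, GENUINE)
    return {
        "serial_only_accepts_other_cert": store.check_serial_only(HOST, SAME_SERIAL),
        "fingerprint_accepts_other_cert": store.check_fingerprint(HOST, SAME_SERIAL),
        "fingerprint_accepts_genuine": store.check_fingerprint(HOST, GENUINE),
    }

if __name__ == "__main__":
    print(demo())
```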
<a href="https://github.com/dscheg">dscheg</a>