(MS09-044) Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)

  Severity: CRITICAL
  CVE Identifier: CVE-2009-1133,CVE-2009-1929
  Advisory Date: APR 05, 2012

  DESCRIPTION

This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection which could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server. The said vulnerability may also be exploited if a user visits a specially crafted Web site. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  SOLUTION

  AFFECTED SOFTWARE AND VERSION

  • Windows Server 2008 for 32-bit Systems
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems
  • Windows Server 2008 for x64-based Systems
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Vista
  • Windows Vista Service Pack 1
  • Windows Vista Service Pack 2
  • Windows Vista x64 Edition
  • Windows Vista x64 Edition Service Pack 1
  • Windows Vista x64 Edition Service Pack 2
  • Windows 2000 Service Pack 4
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows XP Service Pack 2
  • Windows XP Service Pack 3