(MS09-044) Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)
Publish Date: 05 de апреля de 2012
Severity: : Critical
CVE Kennungen: : CVE-2009-1133,CVE-2009-1929
Advisory Date: 05 de апреля de 2012
DESCRIPTION
This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection which could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server. The said vulnerability may also be exploited if a user visits a specially crafted Web site. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
SOLUTION
AFFECTED SOFTWARE AND VERSION:
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Vista
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2
- Windows 2000 Service Pack 4
- Windows Server 2003 Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2003 x64 Edition Service Pack 2
- Windows XP Professional x64 Edition Service Pack 2
- Windows XP Service Pack 2
- Windows XP Service Pack 3