CVE-2022-21850

HIGH8.8JSON export Create alert

Description

Remote Desktop Client Remote Code Execution Vulnerability

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Unchanged

Changed

Affected products

Microsoft / Remote Desktop client for Windows Desktop1.2.0.0 – 1.2.2691.0
Microsoft / Windows 10 Version 150710.0.10240.0 – 10.0.10240.19177
Microsoft / Windows 10 Version 160710.0.14393.0 – 10.0.14393.4886
Microsoft / Windows 10 Version 180910.0.17763.0 – 10.0.17763.2452
Microsoft / Windows 10 Version 180910.0.0 – 10.0.17763.2452
Microsoft / Windows 10 Version 190910.0.0 – 10.0.18363.2037
Microsoft / Windows 10 Version 20H210.0.0 – 10.0.19042.1466
Microsoft / Windows 10 Version 21H110.0.0 – 10.0.19043.1466
Microsoft / Windows 10 Version 21H210.0.19043.0 – 10.0.19044.1466
Microsoft / Windows 11 version 21H210.0.0 – 10.0.22000.434
Microsoft / Windows 76.1.0 – 6.1.7601.25829
Microsoft / Windows 7 Service Pack 16.1.0 – 6.1.7601.25829
Microsoft / Windows 8.16.3.0 – 6.3.9600.20246
Microsoft / Windows Server 2008 R2 Service Pack 16.1.7601.0 – 6.1.7601.25829
Microsoft / Windows Server 2008 R2 Service Pack 1 (Server Core installation)6.1.7601.0 – 6.1.7601.25829
Microsoft / Windows Server 2008 Service Pack 26.0.6003.0 – 6.0.6003.21349
Microsoft / Windows Server 2008 Service Pack 2 (Server Core installation)6.0.6003.0 – 6.0.6003.21349
Microsoft / Windows Server 20126.2.9200.0 – 6.2.9200.23584
Microsoft / Windows Server 2012 R26.3.9600.0 – 6.3.9600.20246
Microsoft / Windows Server 2012 R2 (Server Core installation)6.3.9600.0 – 6.3.9600.20246
Microsoft / Windows Server 2012 (Server Core installation)6.2.9200.0 – 6.2.9200.23584
Microsoft / Windows Server 201610.0.14393.0 – 10.0.14393.4886
Microsoft / Windows Server 2016 (Server Core installation)10.0.14393.0 – 10.0.14393.4886
Microsoft / Windows Server 201910.0.17763.0 – 10.0.17763.2452
Microsoft / Windows Server 2019 (Server Core installation)10.0.17763.0 – 10.0.17763.2452
Microsoft / Windows Server 202210.0.20348.0 – 10.0.20348.469
Microsoft / Windows Server version 20H210.0.0 – 10.0.19042.1466

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21850